Last active
May 26, 2018 23:04
-
-
Save geyslan/5376542 to your computer and use it in GitHub Desktop.
Multi-pattern Insertion Shellcode Encoder - Python Language - forlife
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a snippet of the original file in https://github.com/geyslan/SLAE/blob/master/4th.assignment/insertion_encoder.py | |
#!/usr/bin/python | |
# -*- coding: utf-8 -*- | |
import sys | |
import getopt | |
import string | |
def usage (): | |
usage = """ | |
-g --garbage Garbage Byte to be inserted (one byte in hex format) | |
Default is 3f | |
Eg. -g 2f | |
--garbage 2f | |
-p --pattern Pattern of insertion. Garbage = x; True Shellcode Byte = b | |
Default is xb | |
Eg. -p xxxbbxbb | |
-p xbbbxbbx | |
--pattern xxbxxbxx | |
-e --end End signature (two bytes in hex format) | |
Default is f1f1 | |
Eg. -e f2f2 | |
--end f1aa | |
-s --shellcode The shellcode to be encoded with the Garbage Insertion Byte | |
Eg. -s $'\\xcd\\x80' | |
--shellcode `printf "\\xcc\\x90"` | |
-h --help This help | |
""" | |
print(usage) | |
def main(): | |
garbageByte = "3f" | |
pattern = "xb" | |
endSignature = "f1f1" | |
shellcode = "" | |
try: | |
opts, args = getopt.getopt(sys.argv[1:], "hg:p:e:s:") | |
except getopt.GetoptError as err: | |
print(err) | |
usage() | |
sys.exit() | |
hasShellcode = False | |
for o, a in opts: | |
if o in ("-h", "--help"): | |
usage() | |
sys.exit() | |
elif o in ("-g", "--garbage"): | |
if (len(a) != 2 or not all(h in string.hexdigits for h in a)): | |
print(" Garbage has to be in hex format. Eg. -g 3f\n") | |
sys.exit() | |
garbageByte = a | |
elif o in ("-p", "--pattern"): | |
if (len(a) < 2 or not "x" in a): | |
print(" Pattern has to be at least two differents bytes. Eg. -p bx\n") | |
sys.exit() | |
pattern = a | |
elif o in ("-e", "--end"): | |
if (len(a) != 4 or not all(h in string.hexdigits for h in a)): | |
print(" End signature has to be in hex format. Eg. -e f1f1\n") | |
sys.exit() | |
endSignature = a | |
elif o in ("-s", "--shellcode"): | |
shellcode = a.encode("utf_8", "surrogateescape") | |
if (not shellcode): | |
print(" Is necessary to inform a shellcode. Eg. -s $'\\xcd\\x80'\n") | |
sys.exit() | |
if (int("0x" + garbageByte, 16) in bytearray(shellcode)): | |
print(" The shellcode being processed contains the byte '0x" + garbageByte + "'. " \ | |
"Please choose another Garbage!\n") | |
sys.exit() | |
endfirst = int("0x" + endSignature[:-2], 16) | |
endsecond = int("0x" + endSignature[-2:], 16) | |
for x in range(len(shellcode)): | |
if (endfirst == shellcode[x] and x < len(shellcode) - 1): | |
if( endsecond == shellcode[x+1]): | |
print(" The shellcode being processed contains the ordered bytes '" + \ | |
hex(endfirst) + "' '" + hex(endsecond) + \ | |
"'. Please choose other End Signature!\n") | |
sys.exit() | |
encoded = '"' | |
encoded2 = "" | |
encoded3 = '"' | |
encoded4 = "" | |
print("Multi-pattern Insertion Shellcode Encoder") | |
print("http://hackingbits.com") | |
print("https://github.com/geyslan/SLAE.git") | |
print("License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>\n\n") | |
print("Encoded shellcode:") | |
p = 0 | |
s = 0 | |
while 1: | |
if (pattern[p] != "x" and pattern[p] != "b"): | |
print(" Pattern invalid: " + pattern + "\n") | |
print(" See the help.\n") | |
sys.exit() | |
if (pattern[p] == "x"): | |
encoded += "\\x" + garbageByte | |
if (s < len(shellcode)): | |
if (pattern[p] == "b"): | |
encoded += "\\x%02x" % shellcode[s] | |
s += 1 | |
p += 1 | |
if (p == len(pattern)): | |
p = 0 | |
if (s == len(bytearray(shellcode)) and p == 0): | |
break | |
encoded += '";' | |
encoded2 = encoded.replace("\\x", ",0x")[+2:-2] | |
end = r"\x" + endSignature[:-2] + r"\x" + endSignature[-2:] | |
encoded3 += r"\xeb\x1a\x5e\x8d\x3e\x31\xc9\x8b\x1c\x0e" | |
encoded3 += r"\x41\x66\x81\xfb" | |
encoded3 += end | |
encoded3 += r"\x74\x0f\x80\xfb" | |
encoded3 += r"\x" + garbageByte | |
encoded3 += r"\x74\xf0\x88\x1f\x47\xeb\xeb\xe8\xe1\xff" | |
encoded3 += r"\xff\xff" | |
encoded3 += encoded[+1:-2] | |
encoded3 += end | |
encoded3 += '";' | |
encoded4 = encoded3.replace("\\x" , ",0x")[+2:-2] | |
print() | |
print(encoded) | |
print() | |
print(encoded2) | |
print() | |
print() | |
print("Encoded shellcode with decoder built-in:") | |
print() | |
print(encoded3) | |
print() | |
print(encoded4) | |
print() | |
print() | |
print("Length before: %d" % len(bytearray(shellcode))) | |
print("Length after: %d" % ((len(encoded) - 2) /4)) | |
print("Length with decoder: %d" % ((len(encoded3) - 2) /4)) | |
if __name__ == "__main__": | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment