The 7th and final assignment for SLAE was to create a custom encryption/decryption scheme for our shellcode. For the purposes of this exercise I chose to work with Python. Since it's the last assignment, I decided to have some fun with it and went for novelty over strong encryption. I wanted a decryption scheme that only required shellcode input, so I designed the decryption function to brute force its own key!

For this exercise we'll be using a 25 byte long execve shellcode in the following format:

```
\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x89\\xe2\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80
```

For an encryption scheme I used AES with imports from the Crypto.Cipher package.

Note: we are NOT using Python3

Encryption Process

My encryption scheme uses some fictional hacker lore as seed terms to generate a keyspace that ends up being a little over 1.4 million keys. I was shocked by how fast a computer running a poorly written Python script can iterate through that many keys! At a high level, the encryption function does the following:

- takes shellcode input in the format of \\xaa\\xbb\\xcc...,
- pads the shellcode with \\xff bytes to get it to a multiple of 16 (AES requires key sizes of n*16),
- generates a keyspace with seed character names from hacker movies,
- encrypts the padded input with a randomly chosen key and IV, and
- prints the shellcode in a format that's compatible with the decryption process.

The decryption scheme is straightforward. The script iterates through the entire keyspace, decrypting the input shellcode with each key until it spots our \\xff padding; at that point it knows it has found the right key and prints the output. I picked this concept up from the SLAE coursework itself, and it was awesome to apply it to this Python script.

Execution Process

For execution, the script just appends a shellcode.c writing process onto the decryption function and then compiles and runs that file. The script successfully encrypts, decrypts, and executes shellcode.

You can find the code below; it is pretty heavily commented to help those who are not used to reading ugly Python.

Crypter

```python
from Crypto.Cipher import AES
from Crypto.Random import random
import argparse
import random  # rebinds `random` to the standard-library module, replacing the Crypto.Random import above
import sys
import os

#doing argument parsing
parser = argparse.ArgumentParser(add_help = True)
parser.add_argument("inp", type = str, help = "shellcode to encrypt/decrypt/execute")
parser.add_argument("-e", "-encrypt", help = "encrypt shellcode", action = "store_true")
# (the listing breaks off here)
```
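The padding-marker key search described above, as an added Python 3 example (not the author's script): it counts how many keys in a keyspace pass the \xff check, depending on how many marker bytes the check requires. The seed strings, the key derivation, the 30,000-key keyspace and the SHA-256 counter-mode stand-in for AES are assumptions chosen so it runs on the standard library alone; the payload is constructed, inert bytes.

```python
import hashlib
from itertools import product

BLOCK = 16
SEEDS = ["seed-one", "seed-two", "seed-three"]  # constructed placeholders, not the post's seed terms

def keyspace():
    """Hypothetical keyspace: every seed combined with a 4-digit suffix (30,000 keys)."""
    for seed, n in product(SEEDS, range(10000)):
        yield hashlib.sha256(("%s%04d" % (seed, n)).encode()).digest()[:16]

def keystream_xor(key, iv, data):
    """Stand-in cipher (SHA-256 in counter mode); the post itself uses AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def pad_ff(data):
    """Pad with 0xff up to a multiple of 16 bytes, as the post describes."""
    return data + b"\xff" * (-len(data) % BLOCK)

def matching_keys(iv, ciphertext, min_ff):
    """Keys whose trial decryption ends in at least min_ff bytes of 0xff."""
    marker = b"\xff" * min_ff
    return [k for k in keyspace()
            if keystream_xor(k, iv, ciphertext).endswith(marker)]

def demo(payload_len, min_ff):
    """Return (true key passes the check, number of keys that pass the check)."""
    key = list(keyspace())[12345]          # fixed choices so the run is repeatable
    iv = b"\x00" * 16
    payload = bytes(range(payload_len))    # constructed inert bytes, none equal to 0xff
    ciphertext = keystream_xor(key, iv, pad_ff(payload))
    hits = matching_keys(iv, ciphertext, min_ff)
    return key in hits, len(hits)

if __name__ == "__main__":
    for length, min_ff in [(25, 7), (25, 1), (31, 1), (32, 1)]:
        print("len=%d min_ff=%d -> %s" % (length, min_ff, demo(length, min_ff)))
```

With seven required marker bytes only the real key matches; with a single marker byte roughly one wrong key in 256 also matches. A payload whose length is already a multiple of 16 gets no padding, so the real key never passes the check.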