Page d'accueil>Lié à la programmation>Code source de Delphes
Télécharger

ID d'étudiant: SLAE-1530

Affectation SLAE32 N ° 7 - Crypters

Ce crypter Shellcode utilise le chiffre RC4 pour crypter et décrypter la charge utile directement en mémoire.

La touche RC4 n'est pas connue à la fois par Cryter et Stub, elle sera brutée au temps d'exécution CRC32(Random(Length=4)) . N'hésitez pas à augmenter la longueur de la clé aléatoire, remarquez qu'elle pourrait augmenter considérablement le temps avant que Shellcode ne soit décrypté.

Lorsque la charge utile est déchiffrée au moment de l'exécution, le talon créera une nouvelle région de mémoire exécutable et copie le ShellCode décrypté dans cette région avant l'exécution.

Cela signifie que cela ne nécessite pas que la pile soit exécutable.

La charge utile est stockée à l'EOF du talon généré.

Pour compiler à la fois Stub et Cryter, vous aurez besoin d'installation de Lazarus sur votre machine Linux.

Sur Ubuntu / Debian, vous pouvez utiliser la commande suivante:

Utilisateur local @: $ sudo apt install lazarus

Usage

Local @ utilisateur: $ Crypter/dist/crypter <shellcode> <outputfile>

Exemple

Local @ utilisateur: $ Crypter/dist/crypter "x31xc0x50x68x62x61x73x68x68x69x6ex2fx2fx68x2fx2fx2fx62x89xe3x66xb8x2dx63x50x31xc0x89xe2x50x68x73x73x77x64x68x63x2fx70x61x68x20x2fx65x74x68x2fx63x61x74x68x2fx62x69x6ex89xe6x50x56x52x53x89xe1x50x89xe2xb0x0bxcdx80" /tmp/encrypted_payload

Local @ utilisateur: $ /tmp/encrypted_payload

Compiler les instructions

Build.py

Build.py Script est conçu pour compiler à la fois Stub et Cryter , mais pas seulement.

Lorsqu'une nouvelle version du programme Stub est générée, le script intégre le talon brut directement à l'intérieur du crypter .

Cela est nécessaire car le programme Cryter est complètement autonome, le talon est intégré à l'intérieur.

local @ utilisateur: $ cd Crypter && python3 build.py

Exemple de sortie 

 phrozen@ubuntu:~/SLAE32/SLAE-Exam/Level7/git/slae32-crypters$ cd Crypter && python3 build.py
[*] Compile stub project...
Hint: (11030) Start of reading config file /etc/fpc.cfg
Hint: (11031) End of reading config file /etc/fpc.cfg
Free Pascal Compiler version 3.0.4+dfsg-18ubuntu2 [2018/08/29] for i386
Copyright (c) 1993-2017 by Florian Klaempfl and others
(1002) Target OS: Linux for i386
(3104) Compiling stub.dpr
(3104) Compiling ../shared/unteof.pas
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/unteof.pas(92,47) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
(3104) Compiling ../shared/untrc4.pas
(3104) Compiling ../shared/untcrc32.pas
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untcrc32.pas(113,43) Hint: (4055) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untcrc32.pas(113,61) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untcrc32.pas(113,37) Warning: (4056) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untrc4.pas(244,13) Hint: (4055) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untrc4.pas(244,31) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untrc4.pas(244,7) Warning: (4056) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untrc4.pas(244,56) Hint: (4055) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untrc4.pas(244,74) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untrc4.pas(244,50) Warning: (4056) Conversion between ordinals and pointers is not portable
(3104) Compiling ../shared/untfunctions.pas
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untfunctions.pas(30,37) Hint: (4055) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untfunctions.pas(30,55) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/../shared/untfunctions.pas(30,31) Warning: (4056) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/stub.dpr(43,30) Hint: (4079) Converting the operands to "Int64" before doing the add could prevent overflow errors.
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/stub/stub.dpr(31,5) Note: (5025) Local variable "n" not used
(9015) Linking stub
/usr/bin/ld.bfd: warning: link.res contains output sections; did you forget -T?
(1008) 836 lines compiled, 0.2 sec
(1021) 4 warning(s) issued
(1022) 12 hint(s) issued
(1023) 1 note(s) issued
[+] Stub project successfully built.
[*] Patch stub file on crypter project...
[*] Finding tags locations
[+] Tags found. tag_begin=433, tag_end=6263778
[*] Generate stub array...
[*] Patch stub source file...
[+] Stub source file successfully patched.
[*] Compile crypter project...
Hint: (11030) Start of reading config file /etc/fpc.cfg
Hint: (11031) End of reading config file /etc/fpc.cfg
Free Pascal Compiler version 3.0.4+dfsg-18ubuntu2 [2018/08/29] for i386
Copyright (c) 1993-2017 by Florian Klaempfl and others
(1002) Target OS: Linux for i386
(3104) Compiling crypter.dpr
(3104) Compiling /home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untrc4.pas
(3104) Compiling /home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untcrc32.pas
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untcrc32.pas(113,43) Hint: (4055) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untcrc32.pas(113,61) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untcrc32.pas(113,37) Warning: (4056) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untrc4.pas(244,13) Hint: (4055) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untrc4.pas(244,31) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untrc4.pas(244,7) Warning: (4056) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untrc4.pas(244,56) Hint: (4055) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untrc4.pas(244,74) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untrc4.pas(244,50) Warning: (4056) Conversion between ordinals and pointers is not portable
(3104) Compiling /home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untfunctions.pas
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untfunctions.pas(30,37) Hint: (4055) Conversion between ordinals and pointers is not portable
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untfunctions.pas(30,55) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/untfunctions.pas(30,31) Warning: (4056) Conversion between ordinals and pointers is not portable
(3104) Compiling /home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/unttypes.pas
(3104) Compiling /home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/unteof.pas
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/shared/unteof.pas(92,47) Hint: (4035) Mixing signed expressions and longwords gives a 64bit result
(3104) Compiling untlocalfunctions.pas
(3104) Compiling untstub.pas
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/crypter/crypter.dpr(33,61) Hint: (5092) Variable "AShellcode" of a managed type does not seem to be initialized
/home/phrozen/SLAE32/SLAE-Exam/Level7/git/slae32-crypters/Crypter/crypter/crypter.dpr(49,75) Hint: (5058) Variable "ASignature" does not seem to be initialized
(9015) Linking crypter
/usr/bin/ld.bfd: warning: link.res contains output sections; did you forget -T?
(1008) 78238 lines compiled, 0.8 sec
(1021) 4 warning(s) issued
(1022) 13 hint(s) issued
[+] Crypter project successfully built.
[*] copy crypter to "dist" directory...
[*] doing some cleanup...
[+] Crypter successfully compiled and is ready for use!
[*] Have fun :-)
Développer
Informations supplémentaires
Applications connexes
Recommandé pour vous
Actualités connexes Tout