Example #1
def main():
	'''
	Entry point of ZCR Shellcoder.

	Shows the start page when argv_control.exist() does not return True
	(per the original comments: the tool was run without arguments).
	Otherwise the arguments are validated with argv_control.check(): on
	success the parsed request goes to analyser.do() and the software
	signature is printed, on failure start.inputcheck() reports the input.
	'''
	# Guard 1: no usable arguments, fall back to the start page.
	if argv_control.exist() is not True:
		start.start()
		return
	# Guard 2: arguments were given but check() did not accept them.
	if argv_control.check() is not True:
		start.inputcheck()
		return
	# Accepted: generate the output, then print the signature.
	analyser.do(argv_control.run())
	start.sig()
Example #2
def main():
	'''
	Entry point of ZCR Shellcoder.

	When argv_control.exist() does not return True the start page is shown
	and the process exits with status 0. Otherwise argv_control.check()
	decides between generating (analyser.do + start.sig) and reporting bad
	input (start.inputcheck).
	'''
	if argv_control.exist() is not True:
		start.start()
		sys.exit(0)
	# exist() is deliberately queried a second time, as the original did.
	if argv_control.exist() is not True:
		return
	if argv_control.check() is True:
		analyser.do(argv_control.run())
		start.sig()
	else:
		start.inputcheck()
Example #3
def main():
	'''
	Entry point of ZCR Shellcoder.

	Without usable arguments (argv_control.exist() is not True) the start
	page is printed and the process exits with status 0. With arguments,
	a successful argv_control.check() leads to analyser.do() followed by
	start.sig(); anything else is reported through start.inputcheck().
	'''
	nothing_to_do = argv_control.exist() is not True
	if nothing_to_do:
		start.start()
		sys.exit(0)
	# Second exist() call kept so the sequence of calls is unchanged.
	if argv_control.exist() is True:
		accepted = argv_control.check() is True
		if accepted:
			analyser.do(argv_control.run())
			start.sig()
		if not accepted:
			start.inputcheck()
Example #4
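def run():
    '''
    Read the -os, -o, -job and -encode values from sys.argv and pack them.

    Each flag's value is the argument that directly follows it. The command
    line is accepted only when the four flags occur exactly four times in
    total and every flag is followed by a value; otherwise
    start.inputcheck() is called and False is returned.

    Returns False when start.oslist(), start.types() or start.joblist()
    does not return True for its value. Otherwise returns one string:
    os, filename, encode and job, in that order, separated by three 0x90
    characters.

    Exits through sys.exit(start.sig()) when the output file cannot be
    opened for writing.
    '''
    # sys.argv index of the value belonging to each flag (0 = flag not seen).
    flag_slots = {'-os': 0, '-o': 0, '-job': 0, '-encode': 0}
    counter = 0
    for position, argv_check in enumerate(sys.argv):
        if argv_check in flag_slots:
            counter += 1
            flag_slots[argv_check] = position + 1

    # The original only bound `checkargv` when counter was 4, so any other
    # command line died with UnboundLocalError instead of reaching
    # start.inputcheck(). A flag given as the very last argument also left
    # its slot one past the end of sys.argv; both cases are rejected here.
    well_formed = counter == 4 and all(
        0 < slot < len(sys.argv) for slot in flag_slots.values())
    if not well_formed:
        start.inputcheck()
        return False

    # `os_name` rather than `os`, so the stdlib module name is not shadowed.
    os_name = sys.argv[flag_slots['-os']]
    filename = sys.argv[flag_slots['-o']]
    encode = sys.argv[flag_slots['-encode']]
    job = sys.argv[flag_slots['-job']]

    if start.oslist(os_name) is not True:
        return False
    if start.types(encode) is not True:
        return False
    if start.joblist(job) is not True:
        return False

    # Writability probe. NOTE: mode 'w' truncates whatever already exists at
    # the user-supplied path, so an existing file is emptied at this point.
    try:
        with open(filename, 'w') as writer:
            writer.write('')
    except Exception:
        # Still best-effort, but KeyboardInterrupt/SystemExit now propagate.
        print(
            color.color('red') +
            'File is not writable, Try other name or change directory' +
            color.color('reset'))
        sys.exit(start.sig())

    separator = '\x90\x90\x90'
    return os_name + separator + filename + separator + encode + separator + job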
Example #5
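def run():
	'''
	Collect the values of -os, -o, -job and -encode from sys.argv.

	The value of a flag is the argument right after it. The arguments are
	accepted only when the four flags were seen exactly four times in total
	and each one is followed by a value; otherwise start.inputcheck() is
	called and False is returned.

	Returns False when start.oslist(), start.types() or start.joblist()
	does not return True for its value, else a single string made of os,
	filename, encode and job (in that order) separated by three 0x90
	characters.

	Calls sys.exit(start.sig()) when the output file cannot be opened for
	writing.
	'''
	counter = 0
	os_counter = 0
	filename_counter = 0
	job_counter = 0
	encode_counter = 0
	for total_counter, argv_check in enumerate(sys.argv):
		if argv_check == '-os':
			counter += 1
			os_counter = total_counter + 1
		elif argv_check == '-o':
			counter += 1
			filename_counter = total_counter + 1
		elif argv_check == '-job':
			counter += 1
			job_counter = total_counter + 1
		elif argv_check == '-encode':
			counter += 1
			encode_counter = total_counter + 1

	# Fix: `checkargv` used to be bound only when counter was 4, so every
	# other command line raised UnboundLocalError before start.inputcheck()
	# could run. Indexes of 0 (flag missing) or len(sys.argv) (flag was the
	# last argument) are rejected as well instead of being dereferenced.
	indexes = (os_counter, filename_counter, job_counter, encode_counter)
	checkargv = counter == 4 and all(0 < i < len(sys.argv) for i in indexes)
	if checkargv is False:
		start.inputcheck()
		return False

	# Local is named os_name so the stdlib `os` module is not shadowed.
	os_name = sys.argv[os_counter]
	filename = sys.argv[filename_counter]
	encode = sys.argv[encode_counter]
	job = sys.argv[job_counter]

	if start.oslist(os_name) is not True:
		return False
	if start.types(encode) is not True:
		return False
	if start.joblist(job) is not True:
		return False

	# Writability probe; mode 'w' empties an existing file at this path.
	try:
		with open(filename, 'w') as writer:
			writer.write('')
	except Exception:
		# Best-effort as before, without swallowing KeyboardInterrupt.
		print (color.color('red')+'File is not writable, Try other name or change directory'+color.color('reset'))
		sys.exit(start.sig())

	content = os_name + '\x90\x90\x90' + filename + '\x90\x90\x90' + encode + '\x90\x90\x90' + job
	return content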
Example #6
def run(filename,content,command):
	'''
	Return assembly text (AT&T syntax) that embeds one shell command line.

	The embedded line writes the bytes of the local file `content` to
	`filename` with echo -e, sets that file to mode 777 and then runs
	`command`.

	filename -- target path used inside the generated shell line
	content  -- path of a local file; it is read and hex-encoded here
	command  -- text appended to the shell line; '[space]' stands for ' '

	If `content` cannot be read, an error is printed, start.sig() is called
	and the process exits with status 0.

	Python 2 only as written: print statement, str.encode('hex') and `/`
	used as integer division.
	'''
	command = command.replace('[space]',' ')
	try:
		# NOTE(review): the file object is never closed explicitly.
		cont = binascii.b2a_hex(open(content).read())
	except:
		# Bare except: every failure, not only a missing file, ends up here.
		from core import start
		print 'Error, Cannot find/open the file %s'%(content)
		start.sig()
		sys.exit(0)
	# `l` is assigned but not used anywhere below.
	l = len(cont) -1
	n = 0
	# Turn the hex digits into backslash-x escapes, two digits per byte,
	# which is the form `echo -e` expands.
	c = '\\x'
	for word in cont:
		c += word
		n+=1
		# `is` on small ints relies on CPython caching; `==` is the portable form.
		if n is 2:
			n = 0
			c += '\\x'
	# Drop the dangling escape prefix appended after the last byte.
	c = c[:-2]
	# NOTE(review): filename and command are interpolated without any shell
	# quoting, and the written file is made world-writable (777); both are
	# worth knowing when this output is inspected or detected.
	command = 'echo -e "%s" > %s ; chmod 777 %s ; %s'%(str(c),str(filename),str(filename),str(command))
	# Reverse the command character by character, then hex-encode it.
	m = len(command) - 1
	stack = ''
	while(m>=0):
			stack += command[m]
			m -= 1
	stack = stack.encode('hex')
	# The hex text is cut into 8-digit groups below. A remainder of 2, 4 or 6
	# digits is filled up with '90' pairs, and `shr` holds the instruction
	# sequence that shifts by as many bits as filler was inserted (24/16/8).
	shr_counter = 0 
	shr_counter = len(stack) % 8
	zshr_counter = shr_counter
	shr = None
	if shr_counter is 2:
		shr = '\npop %ecx\nshr    $0x10,%ecx\nshr    $0x8,%ecx\npush %ecx\n'
		stack = stack[0:2] + '909090' + stack[2:]
	if shr_counter is 4:
		shr = '\npop %ecx\nshr    $0x10,%ecx\npush %ecx\n'
		stack = stack[0:4] + '9090' + stack[4:]
	if shr_counter is 6:
		shr = '\npop %ecx\nshr    $0x8,%ecx\npush %ecx\n'
		stack = stack[0:6] + '90' + stack[6:]
	# Keep the chosen sequence; `shr` itself is cleared inside the loop.
	zshr = shr
	m = len(stack)
	n = len(stack) / 8
	file_shellcode = ''
	shr_counter = len(stack) % 8
	# NOTE(review): file_z is only assigned inside this branch; the final
	# formatting below needs it.
	if shr_counter is 0:
		shr_n = 0
		r = ''
		# Walk the groups from the end of `stack` and prepend each push, so
		# the text lists the groups in their original order.
		while(n is not 0):
			# Both branches emit the same push; the first one only clears
			# `shr`, so on the first pass with filler both branches run.
			if shr is not None:
				shr_n += 1
				zx = m - 8
				file_shellcode = 'push $0x' + str(stack[zx:m]) + '\n' + file_shellcode 
				m -= 8
				n = n - 1
				shr = None
			if shr is None:
				shr_n += 1
				zx = m - 8
				file_shellcode =  'push $0x' + str(stack[zx:m]) + '\n' + file_shellcode
				m -= 8
				n = n - 1
				
				
		if zshr is None:
			file_z = file_shellcode
		if zshr is not None:
			# The first 16 characters are the first push line without its
			# newline; the shift sequence is inserted right after it.
			# str.replace substitutes every occurrence of that text.
			rep1 = file_shellcode[:16]
			rep2 = rep1 + zshr
			file_z = file_shellcode.replace(rep1,rep2)
	# Template: '%%' is a literal '%' and '%s' receives the push sequence.
	# The constants spell '/bin/bash' and '-c' (little-endian), and int $0x80
	# is issued with eax = 0xb, the execve number on 32-bit Linux.
	shellcode = '''push   $0xb
pop    %%eax
cltd
push   %%edx
%s
mov    %%esp,%%esi
push   %%edx
push   $0x632d9090
pop    %%ecx
shr    $0x10,%%ecx
push   %%ecx
mov    %%esp,%%ecx
push   %%edx
push   $0x68
push   $0x7361622f
push   $0x6e69622f
mov    %%esp,%%ebx
push   %%edx
push   %%edi
push   %%esi
push   %%ecx
push   %%ebx
mov    %%esp,%%ecx
int    $0x80
'''%(str(file_z))
	return shellcode
Example #7
def check():
	'''
	Validate sys.argv and handle the single-switch commands.

	With exactly one argument, the matching start.* function is called for
	-oslist, -joblist, -types, the help switches, -update and -about;
	-wizard runs an interactive prompt sequence, hands the packed answers to
	analyser.do() and exits. An unknown switch goes to start.inputcheck().

	With more than one argument, any single-switch option is rejected, the
	flags -os, -o, -job and -encode must occur exactly four times in total,
	and the os, encode and job values are checked with start.oslist(),
	start.types() and start.joblist().

	Returns True when the arguments were accepted, False otherwise. Nothing
	is returned explicitly when sys.argv has fewer than two entries.
	'''
	checkargv = False
	# `is` on small ints relies on CPython caching; `==` is the portable form.
	if len(sys.argv) is 2:
		if str(sys.argv[1]) == '-oslist':
			checkargv = True
			start.oslist(1)
		if str(sys.argv[1]) == '-joblist':
			checkargv = True
			start.joblist(1)
		if str(sys.argv[1]) == '-types':
			checkargv = True
			start.types(1)
		# Four spellings of the help switch all open the same menu.
		if str(sys.argv[1]) == '-h':
			checkargv = True
			start.menu()
		if str(sys.argv[1]) == '--h':
			checkargv = True
			start.menu()
		if str(sys.argv[1]) == '-help':
			checkargv = True
			start.menu()
		if str(sys.argv[1]) == '--help':
			checkargv = True
			start.menu()
		if str(sys.argv[1]) == '-update':
			checkargv = True
			start.update()
		if str(sys.argv[1]) == '-about':
			checkargv = True
			start.about()
		if str(sys.argv[1]) == '-wizard':
			checkargv = True
			start.zcr()
			# Interactive mode: four prompt loops (OS, job, encode, filename).
			# Each loop repeats until its validator returns True; an empty
			# answer selects the default and 'list' prints the choices.
			try:
				t = True
				print ('\n'+color.color('yellow')+'Default OS Name is linux_x86, Enter OS Name or Enter "list" to see OS List')
				while t:
					# `version` is defined outside this block; presumably the
					# running Python major version - confirm against the module.
					if version is 2:
						osname = raw_input(color.color('cyan')+'OS Name: '+color.color('white')).replace('\n','')
					if version is 3:
						osname = input(color.color('cyan')+'OS Name: '+color.color('white')).replace('\n','')
					if osname == '':
						osname = 'linux_x86'
					# From here on `check` is a local variable that hides this
					# function's own name. The validator also runs for 'list'.
					check = start.oslist(osname)
					if osname == 'list':
						start.os_names_list()
						# 1 marks "list shown": no error message, ask again.
						check = 1
					if check is True:
						print (color.color('blue')+'OS Name set to "%s%s%s"'%(color.color('red'),osname,color.color('blue')))
						t = False
					if check is not True and check is not 1:
						print (color.color('red')+'Wrong Input'	)
				t = True
				print ('\n'+color.color('yellow')+'Default Job is exec(\'/bin/bash\'), Enter Job Type or Enter "list" to see Jobs List')
				while t:
					if version is 2:
						job = raw_input(color.color('cyan')+'Job:'+color.color('white')).replace('\n','')
					if version is 3:
						job = input(color.color('cyan')+'Job:'+color.color('white')).replace('\n','')
					if job == '':
						job = 'exec(\'/bin/bash\')'
					check = start.job_check(job)
					if job == 'list':
						start.job_list()
						check = 1
					if check is True:
						print (color.color('blue')+'Job set to "%s%s%s"'%(color.color('red'),job,color.color('blue')))
						t = False
					if check is not True and check is not 1:
						print (color.color('red')+'Wrong Input')
				t = True
				print ('\n'+color.color('yellow')+'Default Encode Type is none, Enter Encode Type or Enter "list" to see Encodes List')
				while t:
					if version is 2:
						encode = raw_input(color.color('cyan')+'Encode:'+color.color('white')).replace('\n','')
					if version is 3:
						encode = input(color.color('cyan')+'Encode:'+color.color('white')).replace('\n','')
					if encode == '':
						encode = 'none'
					check = start.encode_name_check(encode)
					if encode == 'list':
						start.encode_name()
						check = 1
					if check is True:
						print (color.color('blue')+'Encode Type set to "%s%s%s"'%(color.color('red'),encode,color.color('blue')))
						t = False
					if check is not True and check is not 1:
						print (color.color('red')+'Wrong Input')
				t = True
				print ('\n'+color.color('yellow')+'Default Filename is shellcode.c, Enter Filename or Just Enter to skip')
				while t:
					if version is 2:
						filename = raw_input(color.color('cyan')+'Filename: '+color.color('white')).replace('\n','')
					if version is 3:
						filename = input(color.color('cyan')+'Filename: '+color.color('white')).replace('\n','')
					if filename == '':
						filename = 'shellcode.c'
					check = False
					# Writability probe: mode 'w' empties an existing file at
					# the entered path. `file` also hides the Python 2 builtin.
					try:
						file = open(filename,'w')
						file.write('')
						file.close()
						check = True
					except:
						check = False
					if check is True:
						print (color.color('blue')+'Filename set to "%s%s%s"'%(color.color('red'),filename,color.color('blue')))
						t = False
					if check is False:
						print (color.color('red')+'File is not writable, Try other name or change directory')
			except (KeyboardInterrupt, SystemExit):
				sys.exit('\n\nAborted by user.\n')
			except:
				# NOTE(review): any other error raised inside the wizard is
				# reported as a user abort too, which hides real failures.
				sys.exit('\n\nAborted by user.\n')
			# Re-validate the collected answers before using them.
			checkargv = True
			if start.oslist(osname) is not True:
				checkargv = False
			if start.types(encode) is not True:
				checkargv = False
			if start.joblist(job) is not True:
				checkargv = False
			if checkargv is False:
				start.inputcheck()
			# Pack the four answers with a three-byte 0x90 separator. The
			# filename is only tested for writability above, not for content.
			content = osname + '\x90\x90\x90' + filename + '\x90\x90\x90' + encode + '\x90\x90\x90' + job
			analyser.do(content)
			sys.exit(start.sig())
		if checkargv is False:
			start.inputcheck()
		return checkargv
	if len(sys.argv) > 2:
		# The single-switch options are not allowed next to other arguments.
		# '-about' is not part of this list.
		checkargv = True
		for argv_check in sys.argv:
			if argv_check == '-h':
				checkargv = False
			if argv_check == '--h':
				checkargv = False
			if argv_check == '-help':
				checkargv = False
			if argv_check == '--help':
				checkargv = False
			if argv_check == '-types':
				checkargv = False
			if argv_check == '-oslist':
				checkargv = False
			if argv_check == '-joblist':
				checkargv = False
			if argv_check == '-update':
				checkargv = False
			if argv_check == '-wizard':
				checkargv = False
		if checkargv is False:
			start.inputcheck()
		checkargv = False
		# Record, for each flag, the sys.argv index of the value after it.
		counter = 0
		total_counter = 0
		os_counter = 0
		filename_counter = 0
		job_counter = 0
		encode_counter = 0
		for argv_check in sys.argv:
			if argv_check == '-os':
				counter += 1
				os_counter = total_counter + 1
			if argv_check == '-o':
				counter += 1
				filename_counter = total_counter + 1
			if argv_check == '-job':
				counter += 1
				job_counter = total_counter + 1
			if argv_check == '-encode':
				counter += 1
				encode_counter = total_counter + 1
			total_counter += 1
		# `counter` counts occurrences, so a repeated flag can make up for a
		# missing one; the missing flag's index then stays 0 (sys.argv[0]).
		if counter is 4:
			checkargv = True
		if checkargv is False:
			start.inputcheck()
		checkargv = False
		# NOTE(review): a flag given as the last argument leaves its index at
		# len(sys.argv), so the matching lookup below raises IndexError.
		if start.oslist(sys.argv[os_counter]) is not True:
			return checkargv
		if start.types(sys.argv[encode_counter]) is not True:
			return checkargv
		if start.joblist(sys.argv[job_counter]) is not True:
			return checkargv
		checkargv = True
		return checkargv
Example #8
#!/usr/bin/env python
'''
ZCR Shellcoder

ZeroDay Cyber Research
Z3r0D4y.Com
Ali Razmjoo
'''
import os
import sys
from core import start
from core import color
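# Uninstaller body: this version only supports Linux, so stop early on any
# other platform.
if 'linux' not in sys.platform:
    sys.exit(
        color.color('red') +
        'Sorry, This version of software just could be run on linux.' +
        color.color('reset'))
os.system('clear')
start.zcr()
# print(...) with a single argument behaves the same on Python 2 and 3.
print(color.color('green') + 'Removing Files' + color.color('white'))
# Only fixed, hard-coded paths reach the shell here. The exit status is now
# checked: the original printed "Files Removed!" even when rm had failed.
removal_status = os.system('rm -rf /usr/share/owasp_zsc /usr/bin/zsc')
if removal_status != 0:
    sys.exit(
        color.color('red') +
        'Files could not be removed, check your permissions.' +
        color.color('reset'))
print(color.color('green') + 'Files Removed!' + color.color('white'))
start.sig()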
Example #9
    except:
        pass
    print(color.color('green') + 'Copying Files' + color.color('white'))
    tmp_copy = os.popen('xcopy /y /s /i . %s' % installing_path).read()
    print(color.color('cyan') + 'Building Commandline')
    tmp_add_command_line = open('%s\\..\\zsc.bat' % installing_path, 'w')
    tmp_add_command_line.write('@echo off\npython %s\\zsc.py %%*' %
                               installing_path)
    tmp_add_command_line.close()
    print(
        color.color('yellow') +
        '\nNow you can remove this folder\nfiles copied in %s.\nto run zcr shellcoder please use "zsc" command line\nNOTE: IF COMMAND LINE "zsc" NOT FOUND, PLEASE RE-OPEN YOUR CMD!\n'
        % installing_path + color.color('reset'))


# Run the installer that matches the host platform. Any other platform gets
# the manual-install hint as the exit message.
if 'linux' in sys.platform or 'darwin' in sys.platform:
    # Both Unix-like targets clear the terminal the same way.
    os.system('clear')
    if 'linux' in sys.platform:
        linux()
    else:
        osx()
elif any(tag in sys.platform for tag in ('win32', 'win64')):
    os.system('cls')
    windows()
else:
    sys.exit(
        color.color('red') +
        'OWASP ZSC currently supports install on windows/linux/osx only, for other platforms please copy source files to a directory and run'
        + color.color('reset'))
# Printed after the selected installer returns.
start.sig()
Example #10
def check():
    '''
    Validate sys.argv and handle the single-switch commands.

    With exactly one argument, the matching start.* function is called for
    -oslist, -joblist, -types, the help switches, -update and -about;
    -wizard runs an interactive prompt sequence, hands the packed answers to
    analyser.do() and exits. An unknown switch goes to start.inputcheck().

    With more than one argument, any single-switch option is rejected, the
    flags -os, -o, -job and -encode must occur exactly four times in total,
    and the os, encode and job values are checked with start.oslist(),
    start.types() and start.joblist().

    Returns True when the arguments were accepted, False otherwise. Nothing
    is returned explicitly when sys.argv has fewer than two entries.
    '''
    checkargv = False
    # `is` on small ints relies on CPython caching; `==` is the portable form.
    if len(sys.argv) is 2:
        if str(sys.argv[1]) == '-oslist':
            checkargv = True
            start.oslist(1)
        if str(sys.argv[1]) == '-joblist':
            checkargv = True
            start.joblist(1)
        if str(sys.argv[1]) == '-types':
            checkargv = True
            start.types(1)
        # Four spellings of the help switch all open the same menu.
        if str(sys.argv[1]) == '-h':
            checkargv = True
            start.menu()
        if str(sys.argv[1]) == '--h':
            checkargv = True
            start.menu()
        if str(sys.argv[1]) == '-help':
            checkargv = True
            start.menu()
        if str(sys.argv[1]) == '--help':
            checkargv = True
            start.menu()
        if str(sys.argv[1]) == '-update':
            checkargv = True
            start.update()
        if str(sys.argv[1]) == '-about':
            checkargv = True
            start.about()
        if str(sys.argv[1]) == '-wizard':
            checkargv = True
            start.zcr()
            # Interactive mode: four prompt loops (OS, job, encode, filename).
            # Each loop repeats until its validator returns True; an empty
            # answer selects the default and 'list' prints the choices.
            try:
                t = True
                print(
                    '\n' + color.color('yellow') +
                    'This version has one OS available which is linux_x86 (by Default), Enter OS Name or Enter "list" to see future OS List'
                )
                while t:
                    # `version` is defined outside this block; presumably the
                    # running Python major version - confirm against the module.
                    if version is 2:
                        osname = raw_input(
                            color.color('cyan') + 'OS Name: ' +
                            color.color('white')).replace('\n', '')
                    if version is 3:
                        osname = input(
                            color.color('cyan') + 'OS Name: ' +
                            color.color('white')).replace('\n', '')
                    if osname == '':
                        osname = 'linux_x86'
                    # From here on `check` is a local variable that hides this
                    # function's own name. The validator also runs for 'list'.
                    check = start.oslist(osname)
                    if osname == 'list':
                        start.os_names_list()
                        # 1 marks "list shown": no error message, ask again.
                        check = 1
                    if check is True:
                        print(
                            color.color('blue') + 'OS Name set to "%s%s%s"' %
                            (color.color('red'), osname, color.color('blue')))
                        t = False
                    if check is not True and check is not 1:
                        print(color.color('red') + 'Wrong Input')
                t = True
                print(
                    '\n' + color.color('yellow') +
                    'Default Job is exec(\'/bin/bash\'), Enter Job Type or Enter "list" to see Jobs List'
                )
                while t:
                    if version is 2:
                        job = raw_input(
                            color.color('cyan') + 'Job:' +
                            color.color('white')).replace('\n', '')
                    if version is 3:
                        job = input(
                            color.color('cyan') + 'Job:' +
                            color.color('white')).replace('\n', '')
                    if job == '':
                        job = 'exec(\'/bin/bash\')'
                    check = start.job_check(job)
                    if job == 'list':
                        start.job_list()
                        check = 1
                    if check is True:
                        print(
                            color.color('blue') + 'Job set to "%s%s%s"' %
                            (color.color('red'), job, color.color('blue')))
                        t = False
                    if check is not True and check is not 1:
                        print(color.color('red') + 'Wrong Input')
                t = True
                print(
                    '\n' + color.color('yellow') +
                    'Default Encode Type is none, Enter Encode Type or Enter "list" to see Encodes List'
                )
                while t:
                    if version is 2:
                        encode = raw_input(
                            color.color('cyan') + 'Encode:' +
                            color.color('white')).replace('\n', '')
                    if version is 3:
                        encode = input(
                            color.color('cyan') + 'Encode:' +
                            color.color('white')).replace('\n', '')
                    if encode == '':
                        encode = 'none'
                    check = start.encode_name_check(encode)
                    if encode == 'list':
                        start.encode_name()
                        check = 1
                    if check is True:
                        print(
                            color.color('blue') +
                            'Encode Type set to "%s%s%s"' %
                            (color.color('red'), encode, color.color('blue')))
                        t = False
                    if check is not True and check is not 1:
                        print(color.color('red') + 'Wrong Input')
                t = True
                print(
                    '\n' + color.color('yellow') +
                    'Default Filename is shellcode.c, Enter Filename or Just Enter to skip'
                )
                while t:
                    if version is 2:
                        filename = raw_input(
                            color.color('cyan') + 'Filename: ' +
                            color.color('white')).replace('\n', '')
                    if version is 3:
                        filename = input(
                            color.color('cyan') + 'Filename: ' +
                            color.color('white')).replace('\n', '')
                    if filename == '':
                        filename = 'shellcode.c'
                    check = False
                    # Writability probe: mode 'w' empties an existing file at
                    # the entered path. `file` also hides the Python 2 builtin.
                    try:
                        file = open(filename, 'w')
                        file.write('')
                        file.close()
                        check = True
                    except:
                        check = False
                    if check is True:
                        print(
                            color.color('blue') + 'Filename set to "%s%s%s"' %
                            (color.color('red'), filename, color.color('blue'))
                        )
                        t = False
                    if check is False:
                        print(
                            color.color('red') +
                            'File is not writable, Try other name or change directory'
                        )
            except (KeyboardInterrupt, SystemExit):
                sys.exit('\n\nAborted by user.\n')
            except:
                # NOTE(review): any other error raised inside the wizard is
                # reported as a user abort too, which hides real failures.
                sys.exit('\n\nAborted by user.\n')
            # Re-validate the collected answers before using them.
            checkargv = True
            if start.oslist(osname) is not True:
                checkargv = False
            if start.types(encode) is not True:
                checkargv = False
            if start.joblist(job) is not True:
                checkargv = False
            if checkargv is False:
                start.inputcheck()
            # Pack the four answers with a three-byte 0x90 separator. The
            # filename is only tested for writability above, not for content.
            content = osname + '\x90\x90\x90' + filename + '\x90\x90\x90' + encode + '\x90\x90\x90' + job
            analyser.do(content)
            sys.exit(start.sig())
        if checkargv is False:
            start.inputcheck()
        return checkargv
    if len(sys.argv) > 2:
        # The single-switch options are not allowed next to other arguments.
        # '-about' is not part of this list.
        checkargv = True
        for argv_check in sys.argv:
            if argv_check == '-h':
                checkargv = False
            if argv_check == '--h':
                checkargv = False
            if argv_check == '-help':
                checkargv = False
            if argv_check == '--help':
                checkargv = False
            if argv_check == '-types':
                checkargv = False
            if argv_check == '-oslist':
                checkargv = False
            if argv_check == '-joblist':
                checkargv = False
            if argv_check == '-update':
                checkargv = False
            if argv_check == '-wizard':
                checkargv = False
        if checkargv is False:
            start.inputcheck()
        checkargv = False
        # Record, for each flag, the sys.argv index of the value after it.
        counter = 0
        total_counter = 0
        os_counter = 0
        filename_counter = 0
        job_counter = 0
        encode_counter = 0
        for argv_check in sys.argv:
            if argv_check == '-os':
                counter += 1
                os_counter = total_counter + 1
            if argv_check == '-o':
                counter += 1
                filename_counter = total_counter + 1
            if argv_check == '-job':
                counter += 1
                job_counter = total_counter + 1
            if argv_check == '-encode':
                counter += 1
                encode_counter = total_counter + 1
            total_counter += 1
        # `counter` counts occurrences, so a repeated flag can make up for a
        # missing one; the missing flag's index then stays 0 (sys.argv[0]).
        if counter is 4:
            checkargv = True
        if checkargv is False:
            start.inputcheck()
        checkargv = False
        # NOTE(review): a flag given as the last argument leaves its index at
        # len(sys.argv), so the matching lookup below raises IndexError.
        if start.oslist(sys.argv[os_counter]) is not True:
            return checkargv
        if start.types(sys.argv[encode_counter]) is not True:
            return checkargv
        if start.joblist(sys.argv[job_counter]) is not True:
            return checkargv
        checkargv = True
        return checkargv