示例#1
0
  def encode(self, output_format="c"):
    padded_shellcode = strings.pad(self.shellcode())
    output = ""
    for c in textwrap.wrap(padded_shellcode, 16):
      val=strings.from_char_to_hexcode(c)
      key=self.calc_xor_key(val)
      encoded=self.xor_str(val, key)

      logging.debug("V: %s" %val)
      logging.debug("K: %s" %key.zfill(8))
      logging.debug("E: %s" %encoded.zfill(8))

      output+=key.zfill(8)
      output+=encoded.zfill(8)



    mark=secrets.token_hex(4)
    output+=mark
    output+=mark
    a=strings.split(output)

    if output_format == "c":
      return ''.join('\\x'+x.zfill(2) for x in a)
    if output_format == "asm":
      o = ''.join('0x'+x.zfill(2)+', ' for x in a)
    if output_format == "raw":
      return ''.join(x.zfill(2) for x in a)

    return o[:-2]
示例#2
0
  def calc_xor_key(self, val):
    key = ""
    a=strings.split(val)
    b=[]

    b.append(self.xor_str(a[0], secrets.token_hex(1)))
    b.append(self.xor_str(a[1], secrets.token_hex(1)))
    b.append(self.xor_str(a[2], secrets.token_hex(1)))
    b.append(self.xor_str(a[3], secrets.token_hex(1)))
    
    return ''.join(b)
示例#3
0
  def payload(self, output_format="c"):
    stub_raw = "eb225e8d3e31c031db31c931d28b1c0604048b140631d339cb740e891f83c7040404ebe9e8d9ffffff"
    if output_format == "raw":
      return stub_raw + self.encode("raw")
    
    a=strings.split(stub_raw)
    if output_format == "c":
      stub=''.join('\\x'+x.zfill(2) for x in a)
    if output_format == "asm":
      stub = ''.join('0x'+x.zfill(2)+', ' for x in a)

    return stub +self.encode(output_format)