Introduction to Obfuscator

Written by on

Hello All,

In this post I will provide you an overview about the new tool that I wrote to encrypt the shellcode using XOR & AES encryption. This tool has been written to support the new features added to the process injection tool that I wrote for learning about various Process Injection techniques and to enhance my knowledge about C# and Windows API. 

The tool for process injection can be found on my github repo

The tool Obfuscator can also be found on my github repo https://github.com/3xpl01tc0d3r/Obfuscator

What is encryption ?

In cryptography, encryption is the process of encoding information.This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Only authorized parties can decipher a ciphertext back to plaintext and access the original information.

What is shellcode ?

Shellcode is a set of instructions that executes a command in the software to take control of or exploit the program. Shellcode can be used to directly manipulate registers and the functionality of a exploited program. Shellcode is commonly written in machine code.

What is Obfuscation ?

Obfuscation is the practice of making something difficult to understand or unintelligible. It is an act to deliberately avoid attacker / defender to reveal the actual source code.

Overview

The tool can be used to encrypt the shellcode in XOR or AES encryption.
To encrypt the shellcode we can pass the file path argument or the URL from which the tool will download and encrypt the shellcode with specify encryption format.
The tool will use default key 'SuperStrongKey' in case the /key parameter is not specified.
The tool accepts the shellcode in 4 formats.
1) C
2) HEX
3) BASE64
4) RAW

This tool can be helpful for the operators those want to encrypt the shellcode before using them with process injection tool.

DEMO

Help


1) Encrypt the shellcode with XOR encryption :-


2) Fetch raw shellcode remotely and encrypt the shellcode with AES encryption :-


Feel free to provide me the feedback on twitter @chiragsavla94

Thanks for reading the post.

Special thanks to all my friends who help / supported / motivated me for writing blogs. 🙏


Comments

Post a Comment

Popular posts from this blog

Information Disclosure - Internal Path Disclosure (PHPWCMS) - CVE-2018-12990

Written by on
Image
Hello All, ​INTRODUCTION T​he  purpose  of this post is to let you know how I managed to get one more CVE​. Throughout this post, I will give you relevant examples/screenshots that demonstrates how I ended up finding the vulnerability. ​Alright, lets plunge into the Proof-Of-Concept ! ​ PATH OF EXPLORATION ​ After submitting the first vulnerability (Stored Cross Site Scripting) to the developer for phpwcms application I continued to test further for finding more vulnerability. While testing I saw that CSRF Token was submitted in all the request. I tried to tamper with the parameter which contained the CSRF Token and found that the application throws an error which discloses the Internal Path of the application where it has been hosted. THE MOST AWAITED DEEP DIVE POC​ 1) While submitting the profile page request I saw that the application passes one parameter (csrf_token_value) which as per the name suggest contains the csrf token as you can refer the below screenshot.
Read more

Introduction to Callidus

Written by on
Image
Hello All, Performing Red Team assessments are becoming challenging day by day. In mature environments we see a lot of custom tool development and new techniques are getting discovered by the community to overcome various challenges. While thinking about such challenges, I came up with the idea of creating a tool that can leverage legitimate services for establishing command & control communication channel which is likely to be whitelisted or are less monitored due to the nature of services used by the corporate environments. This is not a new technique, we have already seen similar projects that were developed to leverage legitimate services for command & control. Communication channels such as Slackor for Slack C2, DaaC2 for Discord C2 or  Domain Fronting techniques etc. In this post I will introduce you to a tool called "Callidus" which I created to learn & to improve my knowledge about developing custom toolset in C# and learning how to leverage
Read more

Process Injection - Part I

Written by on
Image
Hello All, After publishing the post about Dumping Process Memory with Custom C# Code my friend Himanshu suggested me to write a tool & a blog post about Process Injection for learning and he referenced his post about Code Injection which covers the concept about the vanilla process injection technique. It was quite interesting to learn and understand the core concepts about Process Injection techniques and as a learning path to code in c# leveraging Windows API I started writing the tool for Process Injection. What is Process Injection ? Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process. Why Process Injection ?
Read more