Hello All,
In this post I will provide you an overview about the new tool that I wrote to encrypt the shellcode using XOR & AES encryption. This tool has been written to support the new features added to the process injection tool that I wrote for learning about various Process Injection techniques and to enhance my knowledge about C# and Windows API.
The tool for process injection can be found on my github repo
https://github.com/3xpl01tc0d3r/ProcessInjection
The tool Obfuscator can also be found on my github repo
https://github.com/3xpl01tc0d3r/Obfuscator
What is encryption ?
In cryptography, encryption is the process of encoding information.This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Only authorized parties can decipher a ciphertext back to plaintext and access the original information.
What is shellcode ?
Shellcode is a set of instructions that executes a command in the software to take control of or exploit the program. Shellcode can be used to directly manipulate registers and the functionality of a exploited program. Shellcode is commonly written in machine code.
What is Obfuscation ?
Obfuscation is the practice of making something difficult to understand or unintelligible. It is an act to deliberately avoid attacker / defender to reveal the actual source code.
Overview
The tool can be used to encrypt the shellcode in XOR or AES encryption.
To encrypt the shellcode we can pass the file path argument or the URL from which the tool will download and encrypt the shellcode with specify encryption format.
The tool will use default key 'SuperStrongKey' in case the /key parameter is not specified.
The tool accepts the shellcode in 4 formats.
1) C
2) HEX
3) BASE64
4) RAW
This tool can be helpful for the operators those want to encrypt the shellcode before using them with process injection tool.
DEMO
Help
1) Encrypt the shellcode with XOR encryption :-
2) Fetch raw shellcode remotely and encrypt the shellcode with AES encryption :-
Feel free to provide me the feedback on twitter @chiragsavla94 Thanks for reading the post. Special thanks to all my friends who help / supported / motivated me for writing blogs. 🙏 Posted by:
Chirag Savla
Senior Security Researcher at AlteredSecurity
Also published at 3xpl01tc0d3r.