Agent: Remove shellcode obfusctor

Encryptor which was used in MS08-067 exploiter.
2022-01-27 16:46:30 +01:00 · 2022-01-27 16:46:30 +01:00 · ceec121d88
parent ff87252a24
commit ceec121d88
4 changed files with 2 additions and 50 deletions
--- a/monkey/common/utils/shellcode_obfuscator.py
+++ b/monkey/common/utils/shellcode_obfuscator.py
@ -1,30 +0,0 @@
-# This code is used to obfuscate shellcode
-# Usage:
-# shellcode_obfuscator.py [your normal shellcode].
-
-import sys
-
-# PyCrypto is deprecated, but we use pycryptodome, which uses the exact same imports
-from Crypto.Cipher import AES  # noqa: DUO133  # nosec: B413
-
-# We only encrypt payloads to hide them from static analysis
-# it's OK to have these keys plaintext
-KEY = b"1234567890123456"
-NONCE = b"\x93n2\xbc\xf5\x8d:\xc2fP\xabn\x02\xb3\x17f"
-
-
-# Use this manually to get obfuscated bytes of shellcode
-def obfuscate(shellcode: bytes) -> bytes:
-    cipher = AES.new(KEY, AES.MODE_EAX, nonce=NONCE)
-    ciphertext, _ = cipher.encrypt_and_digest(shellcode)
-    return ciphertext
-
-
-def clarify(shellcode: bytes) -> bytes:
-    cipher = AES.new(KEY, AES.MODE_EAX, nonce=NONCE)
-    plaintext = cipher.decrypt(shellcode)
-    return plaintext
-
-
-if __name__ == "__main__":
-    print(obfuscate(sys.argv[1].encode()))
--- a/monkey/infection_monkey/Pipfile
+++ b/monkey/infection_monkey/Pipfile
@ -23,7 +23,6 @@ ScoutSuite = {git = "git://github.com/guardicode/ScoutSuite"}
 pyopenssl = "==19.0.0" # We can't build 32bit ubuntu12 binary with newer versions of pyopenssl
 pypsrp = "*"
 typing-extensions = "*" # Allows us to use 3.9 typing features on 3.7 project
-pycryptodome = "*"  # Used in common/utils/shellcode_obfuscator.py
 altgraph = "*"  # Required for pyinstaller branch, without it agents fail to build
 pysmb = "*"
 "WinSys-3.x" = "*"
--- a/monkey/tests/unit_tests/common/utils/test_shellcode_obfuscator.py
+++ b/monkey/tests/unit_tests/common/utils/test_shellcode_obfuscator.py
@ -1,14 +0,0 @@
-from unittest import TestCase
-
-from common.utils.shellcode_obfuscator import clarify, obfuscate
-
-SHELLCODE = b"1234567890abcd"
-OBFUSCATED_SHELLCODE = b"\xc7T\x9a\xf4\xb1cn\x94\xb0X\xf2\xfb^="
-
-
-class TestShellcodeObfuscator(TestCase):
-    def test_obfuscate(self):
-        assert obfuscate(SHELLCODE) == OBFUSCATED_SHELLCODE
-
-    def test_clarify(self):
-        assert clarify(OBFUSCATED_SHELLCODE) == SHELLCODE
--- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py
+++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py
@ -11,12 +11,9 @@ from infection_monkey.i_puppet import (
    PortStatus,
 )
 from infection_monkey.master import IPScanResults, Propagator
-from infection_monkey.network import NetworkInterface
-from infection_monkey.telemetry.exploit_telem import ExploitTelem
 from infection_monkey.model import VictimHost, VictimHostFactory
-from infection_monkey.network import NetworkAddress
-
-
+from infection_monkey.network import NetworkAddress, NetworkInterface
+from infection_monkey.telemetry.exploit_telem import ExploitTelem


@pytest.fixture