From ceec121d880539a0e4ed9baa954636f718fda621 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Thu, 27 Jan 2022 16:46:30 +0100
Subject: [PATCH] Agent: Remove shellcode obfusctor Encryptor which was used in MS08-067 exploiter.

---
 monkey/common/utils/shellcode_obfuscator.py | 30 -------------------
 monkey/infection_monkey/Pipfile | 1 -
 .../common/utils/test_shellcode_obfuscator.py | 14 ---------
 .../master/test_propagator.py | 7 ++---
 4 files changed, 2 insertions(+), 50 deletions(-)
 delete mode 100644 monkey/common/utils/shellcode_obfuscator.py
 delete mode 100644 monkey/tests/unit_tests/common/utils/test_shellcode_obfuscator.py

diff --git a/monkey/common/utils/shellcode_obfuscator.py b/monkey/common/utils/shellcode_obfuscator.py
deleted file mode 100644
index 11635201e..000000000
--- a/monkey/common/utils/shellcode_obfuscator.py
+++ /dev/null
@@ -1,30 +0,0 @@
-# This code is used to obfuscate shellcode
-# Usage:
-# shellcode_obfuscator.py [your normal shellcode].
-
-import sys
-
-# PyCrypto is deprecated, but we use pycryptodome, which uses the exact same imports
-from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
-
-# We only encrypt payloads to hide them from static analysis
-# it's OK to have these keys plaintext
-KEY = b"1234567890123456"
-NONCE = b"\x93n2\xbc\xf5\x8d:\xc2fP\xabn\x02\xb3\x17f"
-
-
-# Use this manually to get obfuscated bytes of shellcode
-def obfuscate(shellcode: bytes) -> bytes:
-    cipher = AES.new(KEY, AES.MODE_EAX, nonce=NONCE)
-    ciphertext, _ = cipher.encrypt_and_digest(shellcode)
-    return ciphertext
-
-
-def clarify(shellcode: bytes) -> bytes:
-    cipher = AES.new(KEY, AES.MODE_EAX, nonce=NONCE)
-    plaintext = cipher.decrypt(shellcode)
-    return plaintext
-
-
-if __name__ == "__main__":
-    print(obfuscate(sys.argv[1].encode()))
diff --git a/monkey/infection_monkey/Pipfile b/monkey/infection_monkey/Pipfile
index 728e42a4f..60def5d44 100644
--- a/monkey/infection_monkey/Pipfile
+++ b/monkey/infection_monkey/Pipfile
@@ -23,7 +23,6 @@ ScoutSuite = {git = "git://github.com/guardicode/ScoutSuite"}
 pyopenssl = "==19.0.0" # We can't build 32bit ubuntu12 binary with newer versions of pyopenssl
 pypsrp = "*"
 typing-extensions = "*" # Allows us to use 3.9 typing features on 3.7 project
-pycryptodome = "*" # Used in common/utils/shellcode_obfuscator.py
 altgraph = "*" # Required for pyinstaller branch, without it agents fail to build
 pysmb = "*"
 "WinSys-3.x" = "*"
diff --git a/monkey/tests/unit_tests/common/utils/test_shellcode_obfuscator.py b/monkey/tests/unit_tests/common/utils/test_shellcode_obfuscator.py
deleted file mode 100644
index bda9f7996..000000000
--- a/monkey/tests/unit_tests/common/utils/test_shellcode_obfuscator.py
+++ /dev/null
@@ -1,14 +0,0 @@
-from unittest import TestCase
-
-from common.utils.shellcode_obfuscator import clarify, obfuscate
-
-SHELLCODE = b"1234567890abcd"
-OBFUSCATED_SHELLCODE = b"\xc7T\x9a\xf4\xb1cn\x94\xb0X\xf2\xfb^="
-
-
-class TestShellcodeObfuscator(TestCase):
-    def test_obfuscate(self):
-        assert obfuscate(SHELLCODE) == OBFUSCATED_SHELLCODE
-
-    def test_clarify(self):
-        assert clarify(OBFUSCATED_SHELLCODE) == SHELLCODE
diff --git a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py
index 745e075fa..0e54f2a4e 100644
--- a/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py
+++ b/monkey/tests/unit_tests/infection_monkey/master/test_propagator.py
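Review bot: The Pipfile hunk drops the `pycryptodome = "*"` entry, but the diffstat lists only four files and none of them is monkey/infection_monkey/Pipfile.lock, so the lockfile is left out of sync with the manifest. If the repository tracks the lockfile (inferred, not visible here), its recorded Pipfile hash will no longer match and `pipenv install --deploy` will refuse to proceed until `pipenv lock` is re-run, while a plain install still resolves the stale pin and ships pycryptodome in the built agent despite this removal. Please regenerate and commit the lockfile in the same change so the dependency is actually gone from the build, and confirm with a repository-wide search that no other module still imports `Crypto` before the package disappears from the environment.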
@@ -11,12 +11,9 @@ from infection_monkey.i_puppet import (
     PortStatus,
 )
 from infection_monkey.master import IPScanResults, Propagator
-from infection_monkey.network import NetworkInterface
-from infection_monkey.telemetry.exploit_telem import ExploitTelem
 from infection_monkey.model import VictimHost, VictimHostFactory
-from infection_monkey.network import NetworkAddress
-
-
+from infection_monkey.network import NetworkAddress, NetworkInterface
+from infection_monkey.telemetry.exploit_telem import ExploitTelem
 
 
 @pytest.fixture