Agent: Remove shellcode obfusctor

Encryptor which was used in the MS08-067 exploiter.
This commit is contained in:
Ilija Lazoroski 2022-01-27 16:46:30 +01:00
parent ff87252a24
commit ceec121d88
4 changed files with 2 additions and 50 deletions


@ -1,30 +0,0 @@
# This code is used to obfuscate shellcode
# Usage:
# shellcode_obfuscator.py [your normal shellcode].
import sys
# PyCrypto is deprecated, but we use pycryptodome, which uses the exact same imports
from Crypto.Cipher import AES # noqa: DUO133 # nosec: B413
# We only encrypt payloads to hide them from static analysis
# it's OK to have these keys plaintext
KEY = b"1234567890123456"
NONCE = b"\x93n2\xbc\xf5\x8d:\xc2fP\xabn\x02\xb3\x17f"
# Use this manually to get obfuscated bytes of shellcode
def obfuscate(shellcode: bytes) -> bytes:
cipher = AES.new(KEY, AES.MODE_EAX, nonce=NONCE)
ciphertext, _ = cipher.encrypt_and_digest(shellcode)
return ciphertext
def clarify(shellcode: bytes) -> bytes:
cipher = AES.new(KEY, AES.MODE_EAX, nonce=NONCE)
plaintext = cipher.decrypt(shellcode)
return plaintext
if __name__ == "__main__":
print(obfuscate(sys.argv[1].encode()))


@ -23,7 +23,6 @@ ScoutSuite = {git = "git://github.com/guardicode/ScoutSuite"}
pyopenssl = "==19.0.0" # We can't build 32bit ubuntu12 binary with newer versions of pyopenssl pyopenssl = "==19.0.0" # We can't build 32bit ubuntu12 binary with newer versions of pyopenssl
pypsrp = "*" pypsrp = "*"
typing-extensions = "*" # Allows us to use 3.9 typing features on 3.7 project typing-extensions = "*" # Allows us to use 3.9 typing features on 3.7 project
pycryptodome = "*" # Used in common/utils/shellcode_obfuscator.py
altgraph = "*" # Required for pyinstaller branch, without it agents fail to build altgraph = "*" # Required for pyinstaller branch, without it agents fail to build
pysmb = "*" pysmb = "*"
"WinSys-3.x" = "*" "WinSys-3.x" = "*"
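Review bot: The `pycryptodome` line is dropped from the Pipfile, but none of the four changed files is a Pipfile.lock, so the lock file presumably still pins pycryptodome and its recorded Pipfile hash no longer matches; `pipenv install --deploy` refuses a stale lock, so `pipenv lock` should be rerun in the same commit. It is also worth confirming with a repository-wide search that no other module imports `Crypto` before the package goes, since the comment on the deleted line names only shellcode_obfuscator.py as its consumer and that is the one place this commit removes.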


@ -1,14 +0,0 @@
from unittest import TestCase
from common.utils.shellcode_obfuscator import clarify, obfuscate
SHELLCODE = b"1234567890abcd"
OBFUSCATED_SHELLCODE = b"\xc7T\x9a\xf4\xb1cn\x94\xb0X\xf2\xfb^="
class TestShellcodeObfuscator(TestCase):
def test_obfuscate(self):
assert obfuscate(SHELLCODE) == OBFUSCATED_SHELLCODE
def test_clarify(self):
assert clarify(OBFUSCATED_SHELLCODE) == SHELLCODE


@ -11,12 +11,9 @@ from infection_monkey.i_puppet import (
PortStatus, PortStatus,
) )
from infection_monkey.master import IPScanResults, Propagator from infection_monkey.master import IPScanResults, Propagator
from infection_monkey.network import NetworkInterface
from infection_monkey.telemetry.exploit_telem import ExploitTelem
from infection_monkey.model import VictimHost, VictimHostFactory from infection_monkey.model import VictimHost, VictimHostFactory
from infection_monkey.network import NetworkAddress from infection_monkey.network import NetworkAddress, NetworkInterface
from infection_monkey.telemetry.exploit_telem import ExploitTelem
@pytest.fixture @pytest.fixture