This blog post was created to fulfil the requirements of the SecurityTube Linux Assembly Expert certification:
Student ID: SLAE-924
Create a custom crypter like the one shown in the “crypters” video
Free to use any existing encryption schema
Can use any programming language
What is a crypter?
A crypter encrypts our malicious payload. The encrypted payload is not detected by signature-based AVs or IDS systems, and the shellcode is decrypted right before execution.
In this example I will use a simple XOR crypter written in Python.
Let’s create the crypter
As the shellcode we will use the connect-back shellcode written in Assignment #2.
First we write the encryption script. It downloads the encryption/decryption key from a remote server, XORs the shellcode with the key, and finally prints out the encrypted shellcode.
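The XOR step described above, as an added example that is not the post’s own script: the remote key download is replaced by a constant key, the payload bytes are a constructed stand-in for the shellcode, and, from the analyst’s side, the same routine recovers the key when a few plaintext bytes are known.

```python
# Added example: repeating-key XOR as used by a simple crypter, its symmetric
# decode, and an analyst's known-plaintext key recovery.
# The payload and key below are constructed sample values, not real shellcode.
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def to_c_string(data: bytes) -> str:
    """Render bytes in the \\x.. form a crypter typically prints out."""
    return "".join(f"\\x{b:02x}" for b in data)


def recover_key(ciphertext: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery: XORing ciphertext with the matching plaintext
    bytes yields the key, so a crypter's key is exposed by any predictable prefix."""
    if len(known_prefix) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_bytes(ciphertext[:key_len], known_prefix[:key_len])


# Constructed sample values (assumptions of this example, not from the post).
SAMPLE_PAYLOAD = b"constructed sample payload bytes"
SAMPLE_KEY = b"s3cr3t"  # stands in for the key the post fetches remotely


def demo() -> dict:
    """Encrypt, decrypt and recover the key; returns results for checking."""
    encrypted = xor_bytes(SAMPLE_PAYLOAD, SAMPLE_KEY)
    decrypted = xor_bytes(encrypted, SAMPLE_KEY)
    recovered = recover_key(encrypted, SAMPLE_PAYLOAD, len(SAMPLE_KEY))
    return {
        "encrypted": to_c_string(encrypted),
        "roundtrip_ok": decrypted == SAMPLE_PAYLOAD,
        "recovered_key": recovered,
    }


if __name__ == "__main__":
    result = demo()
    print("encrypted:", result["encrypted"])
    print("roundtrip ok:", result["roundtrip_ok"])
    print("recovered key:", result["recovered_key"])
```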
This is how it works:
Now, what about the script that decrypts the shellcode and executes it?
Let’s try to run it on our Linux system.
The shellcode was successfully decrypted and executed on our system, and now we have a reverse shell on the attacker’s machine.
I’ve also uploaded the decrypter script to VirusTotal; this is the result: