NUL0x4C
diff --git a/‎HellShell.sln‎
Lines changed: 61 additions & 0 deletions b/‎HellShell.sln‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎HellShell/Common.h‎
Lines changed: 93 additions & 0 deletions b/‎HellShell/Common.h‎
Lines changed: 93 additions & 0 deletions
diff --git a/‎HellShell/HellShell.cpp‎
Lines changed: 151 additions & 0 deletions b/‎HellShell/HellShell.cpp‎
Lines changed: 151 additions & 0 deletions
@@ -0,0 +1,61 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.32228.343
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "HellShell", "HellShell\HellShell.vcxproj", "{F8F595CB-677C-46C0-9C13-F5108859A204}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "MacFuscation", "MacFuscation\MacFuscation.vcxproj", "{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "IPv6Fuscation", "IPv6Fuscation\IPv6Fuscation.vcxproj", "{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "IPv4Fuscation", "IPv4Fuscation\IPv4Fuscation.vcxproj", "{C235317F-60B3-4E0C-B4F1-D8925B0812B4}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{F8F595CB-677C-46C0-9C13-F5108859A204}.Debug|x64.ActiveCfg = Debug|x64
+		{F8F595CB-677C-46C0-9C13-F5108859A204}.Debug|x64.Build.0 = Debug|x64
+		{F8F595CB-677C-46C0-9C13-F5108859A204}.Debug|x86.ActiveCfg = Debug|Win32
+		{F8F595CB-677C-46C0-9C13-F5108859A204}.Debug|x86.Build.0 = Debug|Win32
+		{F8F595CB-677C-46C0-9C13-F5108859A204}.Release|x64.ActiveCfg = Release|x64
+		{F8F595CB-677C-46C0-9C13-F5108859A204}.Release|x64.Build.0 = Release|x64
+		{F8F595CB-677C-46C0-9C13-F5108859A204}.Release|x86.ActiveCfg = Release|Win32
+		{F8F595CB-677C-46C0-9C13-F5108859A204}.Release|x86.Build.0 = Release|Win32
+		{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}.Debug|x64.ActiveCfg = Debug|x64
+		{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}.Debug|x64.Build.0 = Debug|x64
+		{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}.Debug|x86.ActiveCfg = Debug|Win32
+		{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}.Debug|x86.Build.0 = Debug|Win32
+		{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}.Release|x64.ActiveCfg = Release|x64
+		{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}.Release|x64.Build.0 = Release|x64
+		{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}.Release|x86.ActiveCfg = Release|Win32
+		{9EE52AA5-A7BC-4CAE-BCCC-9434B4B15921}.Release|x86.Build.0 = Release|Win32
+		{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}.Debug|x64.ActiveCfg = Debug|x64
+		{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}.Debug|x64.Build.0 = Debug|x64
+		{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}.Debug|x86.ActiveCfg = Debug|Win32
+		{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}.Debug|x86.Build.0 = Debug|Win32
+		{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}.Release|x64.ActiveCfg = Release|x64
+		{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}.Release|x64.Build.0 = Release|x64
+		{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}.Release|x86.ActiveCfg = Release|Win32
+		{F4CB3F0F-F502-4796-8E8B-9F9618895BFF}.Release|x86.Build.0 = Release|Win32
+		{C235317F-60B3-4E0C-B4F1-D8925B0812B4}.Debug|x64.ActiveCfg = Debug|x64
+		{C235317F-60B3-4E0C-B4F1-D8925B0812B4}.Debug|x64.Build.0 = Debug|x64
+		{C235317F-60B3-4E0C-B4F1-D8925B0812B4}.Debug|x86.ActiveCfg = Debug|Win32
+		{C235317F-60B3-4E0C-B4F1-D8925B0812B4}.Debug|x86.Build.0 = Debug|Win32
+		{C235317F-60B3-4E0C-B4F1-D8925B0812B4}.Release|x64.ActiveCfg = Release|x64
+		{C235317F-60B3-4E0C-B4F1-D8925B0812B4}.Release|x64.Build.0 = Release|x64
+		{C235317F-60B3-4E0C-B4F1-D8925B0812B4}.Release|x86.ActiveCfg = Release|Win32
+		{C235317F-60B3-4E0C-B4F1-D8925B0812B4}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {07901455-13FE-40A7-9D8F-0FBC00B97FB7}
+	EndGlobalSection
+EndGlobal
@@ -0,0 +1,93 @@
+#pragma once
+
+#include <Windows.h>
+#include <stdio.h>
+
+
+typedef struct MyStruct {
+	SIZE_T BytesNumber; // number of bytes read from the file 
+	PVOID pShell;       // pointer to the shellcode read (here it is not appended) 
+	PVOID pNewShell;    // pointer to the shellcode (appended)
+	SIZE_T FinalSize;   // the size of the new appended shellcode
+	HANDLE hFile;		// handle to the file created  
+};
+
+struct MyStruct PayloadData = { 0 };
+
+//-------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
+//	Function Used To Read The Shellcode.bin File, Save the size of the shellcode and the Pointer To its Buffer in our struct.
+BOOL ReadBinFile(char* FileInput) {
+	HANDLE hFile;
+	DWORD FileSize, lpNumberOfBytesRead;
+	BOOL Succ;
+	PVOID DllBytes;
+	hFile = CreateFileA(FileInput, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
+	if (hFile == INVALID_HANDLE_VALUE) {
+		printf("[!] CreateFileA Failed With Error: [%d]\n", GetLastError());
+		return FALSE;
+	}
+	FileSize = GetFileSize(hFile, NULL);
+	DllBytes = malloc((SIZE_T)FileSize);
+	Succ = ReadFile(hFile, DllBytes, FileSize, &lpNumberOfBytesRead, NULL);
+	if (!Succ) {
+		printf("[!] ReadFile Failed With Error:\n", GetLastError());
+		return FALSE;
+	}
+	PayloadData.BytesNumber = (SIZE_T)lpNumberOfBytesRead;
+	PayloadData.pShell = DllBytes;
+	CloseHandle(hFile);
+	return TRUE;
+}
+
+//-------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
+// used to round up 'numToRound' to be multiple of 'multiple'
+// in ipv4 : multiple = 4
+// in ipv6 : multiple = 16
+// in Mac  : multiple = 6
+int roundUp(int numToRound, int multiple) {
+	if (multiple == 0) {
+		return numToRound;
+	}
+	int remainder = numToRound % multiple;
+	if (remainder == 0) {
+		return numToRound;
+	}
+	return numToRound + multiple - remainder;
+}
+
+//-------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
+// used to appened the shellcode with nops ant the end, the nops are added of size 'n'
+void AppendShellcode(int n) {
+	unsigned char Nop[1] = { 0x90 };
+	int MultipleByn, HowManyToAdd;
+	PVOID NewPaddedShellcode;
+
+	MultipleByn = roundUp(PayloadData.BytesNumber, n);
+	printf("[+] Constructing the Shellcode To Be Multiple Of %d, Target Size: %d \n", n, MultipleByn);
+	HowManyToAdd = MultipleByn - PayloadData.BytesNumber;
+	NewPaddedShellcode = malloc((SIZE_T)PayloadData.BytesNumber + HowManyToAdd + 1);
+	memcpy(NewPaddedShellcode, PayloadData.pShell, PayloadData.BytesNumber);
+	int i = 0;
+	while (i != HowManyToAdd) {
+		memcpy(PVOID((ULONG_PTR)NewPaddedShellcode + PayloadData.BytesNumber + i), Nop, 1);
+		i++;
+	}
+	printf("[+] Added : %d \n", i);
+	PayloadData.FinalSize = PayloadData.BytesNumber + HowManyToAdd;
+	PayloadData.pNewShell = NewPaddedShellcode;
+}
+
+//-------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
+// createfile of name 'FileName' to write the shellcode to
+BOOL WriteShellCodeFile( char * FileName, PBOOL Success) {
+	HANDLE hFile;
+	hFile = CreateFileA(FileName, GENERIC_READ | GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+	if (hFile == INVALID_HANDLE_VALUE) {
+		printf("[!] CreateFileA Failed With Error: [%d]\n", GetLastError());
+		*Success = FALSE;
+		return FALSE;
+	}
+	PayloadData.hFile = hFile;
+	*Success = TRUE;
+	return TRUE;
+}
@@ -0,0 +1,151 @@
+#include <Windows.h>
+#include <stdio.h>
+#include <iostream>
+
+#include "Common.h"
+#include "ipv4fuscation.h"
+#include "ipv6fuscation.h"
+#include "MacFuscation.h"
+
+
+#define IPv4Fuscation 1000
+#define MacFuscation  2000
+#define IPv6Fuscation 3000
+
+
+
+int printUsage(char * MeLocation) {
+	printf("[!] Usage: %s <payload file path> [Option*]\n", MeLocation);
+	printf("[i] Option Can Be : \n");
+	printf("\t[1] \"MacFuscation\" || \"mac\" ::: Output The Shellcode As A Array Of Mac Addresses [FC-48-83-E4-F0-E8]\n");
+	printf("\t[2] \"Ipv4Fuscation\" || \"ipv4\" ::: Output The Shellcode As A Array Of ipv4 Addresses [252.72.131.228]\n");
+	printf("\t[3] \"Ipv6Fuscation\" || \"ipv6\" ::: Output The Shellcode As A Array Of ipv6 Addresses [FC48:83E4:F0E8:C000:0000:4151:4150:5251]\n");
+	printf("[i] ");
+	system("PAUSE");
+	return -1;
+}
+
+void Logo() {
+
+	// it probably wont be printed like that but ehh
+	std::cout << R"(
+
+   ▄█    █▄       ▄████████  ▄█        ▄█               ▄████████    ▄█    █▄       ▄████████  ▄█        ▄█       
+  ███    ███     ███    ███ ███       ███              ███    ███   ███    ███     ███    ███ ███       ███       
+  ███    ███     ███    █▀  ███       ███              ███    █▀    ███    ███     ███    █▀  ███       ███       
+ ▄███▄▄▄▄███▄▄  ▄███▄▄▄     ███       ███              ███         ▄███▄▄▄▄███▄▄  ▄███▄▄▄     ███       ███       
+▀▀███▀▀▀▀███▀  ▀▀███▀▀▀     ███       ███            ▀███████████ ▀▀███▀▀▀▀███▀  ▀▀███▀▀▀     ███       ███       
+  ███    ███     ███    █▄  ███       ███                     ███   ███    ███     ███    █▄  ███       ███       
+  ███    ███     ███    ███ ███▌    ▄ ███▌    ▄         ▄█    ███   ███    ███     ███    ███ ███▌    ▄ ███▌    ▄ 
+  ███    █▀      ██████████ █████▄▄██ █████▄▄██       ▄████████▀    ███    █▀      ██████████ █████▄▄██ █████▄▄██ 
+                            ▀         ▀                                                       ▀         ▀         
+	)" << "\t\t\t\t\t\t\t\t\t\t\t\tBY ORCA10K \n";
+}
+
+
+int main(int argc, char* argv[]) {
+	int Type = 0;
+	BOOL Success = FALSE;
+	char OutputShellFileName[32];
+	Logo();
+
+	// args check:
+	if (argc != 3) { 
+		return printUsage(argv[0]);
+	}
+
+	// checking if we can read the payload
+	if ((!ReadBinFile(argv[1])) || PayloadData.pShell == NULL || PayloadData.BytesNumber == NULL) {
+		system("PAUSE");
+		return -1;
+	}
+	printf("[i] Size Of Shellcode: %ld \n", (unsigned int) PayloadData.BytesNumber);
+
+	// checking the format of the shellcode to output 
+
+	if (strcmp(argv[2], "MacFuscation") == 0 || strcmp(argv[2], "macfuscation") == 0 || strcmp(argv[2], "mac") == 0 || strcmp(argv[2], "MAC") == 0){
+		if (PayloadData.BytesNumber % 6 == 0) {
+			printf("[i] The Shellcode is Already multiple of 6, No Need To Append Nops ... \n");
+			PayloadData.pNewShell = malloc((SIZE_T)PayloadData.BytesNumber);
+			memcpy(PayloadData.pNewShell, PayloadData.pShell, PayloadData.BytesNumber);
+			PayloadData.FinalSize = PayloadData.BytesNumber;
+		}
+		else {
+			printf("[i] The Shellcode is Not multiple of 6\n");
+			AppendShellcode(6);
+		}
+		Type = MacFuscation;
+	}
+	
+	else if (strcmp(argv[2], "Ipv4Fuscation") == 0 || strcmp(argv[2], "ipv4fuscation") == 0 || strcmp(argv[2], "ipv4") == 0 || strcmp(argv[2], "IPV4") == 0) {
+		if (PayloadData.BytesNumber % 4 == 0) {
+			printf("[i] The Shellcode is Already multiple of 4, No Need To Append Nops ... \n");
+			PayloadData.pNewShell = malloc((SIZE_T)PayloadData.BytesNumber);
+			memcpy(PayloadData.pNewShell, PayloadData.pShell, PayloadData.BytesNumber);
+			PayloadData.FinalSize = PayloadData.BytesNumber;
+		}
+		else {
+			printf("[i] The Shellcode is Not multiple of 4\n");
+			AppendShellcode(4);
+		}
+		Type = IPv4Fuscation;
+	}
+
+	else if (strcmp(argv[2], "Ipv6Fuscation") == 0 || strcmp(argv[2], "ipv6fuscation") == 0 || strcmp(argv[2], "ipv6") == 0 || strcmp(argv[2], "IPV6") == 0) {
+		if (PayloadData.BytesNumber % 16 == 0) {
+			printf("[i] The Shellcode is Already multiple of 16, No Need To Append Nops ... \n");
+			PayloadData.pNewShell = malloc((SIZE_T)PayloadData.BytesNumber);
+			memcpy(PayloadData.pNewShell, PayloadData.pShell, PayloadData.BytesNumber);
+			PayloadData.FinalSize = PayloadData.BytesNumber;
+		}
+		else {
+			printf("[i] The Shellcode is Not multiple of 16\n");
+			AppendShellcode(16);
+		}
+		Type = IPv6Fuscation;
+	}
+	
+	else {
+		printf("[!] Unkown Input : %s \n", argv[2]);
+		return printUsage(argv[0]);
+	}
+
+	printf("[i] Final Shellcode Size : %ld\n", (unsigned int)PayloadData.FinalSize);
+	unsigned char* FinallShell = (unsigned char*)malloc(PayloadData.FinalSize);
+	memcpy(FinallShell, PayloadData.pNewShell, (SIZE_T)PayloadData.FinalSize);
+	
+	// writing the decoder functions and the shellcode 
+	switch (Type){
+		case IPv4Fuscation:
+			strcpy(OutputShellFileName, "IPv4Fuscation.cpp");
+			WriteShellCodeFile(OutputShellFileName, &Success);
+			Generateipv4Output(PayloadData.FinalSize, FinallShell, &Success);
+			break;
+		case MacFuscation:
+			strcpy(OutputShellFileName, "MacFuscation.cpp");
+			WriteShellCodeFile(OutputShellFileName , &Success);
+			GenerateMacOutput(PayloadData.FinalSize, FinallShell, &Success);
+			break;
+		case IPv6Fuscation:
+			strcpy(OutputShellFileName, "IPv6Fuscation.cpp");
+			WriteShellCodeFile(OutputShellFileName, &Success);
+			Generateipv6Output(PayloadData.FinalSize, FinallShell, &Success);
+			break;
+		default:
+			printf("[!] Unkown Error Occured %d \n", GetLastError());
+			break;
+	}
+	
+	if (Success){
+		printf("[+] Wrote The Shellcode And The Decoder To : %s \n", OutputShellFileName);
+	}
+	else{
+		printf("[!] Failed To Write The Shellcode; Returned Error : %d \n", GetLastError());
+	}
+
+	free(PayloadData.pNewShell);
+	free(FinallShell);
+	//printf("[#] Hit Enter To Exit ... \n");
+	//getchar();
+	return 0;
+}