Thursday, August 11, 2016

This tool, or "universal script packer", is a couple of years old and is still quite useful. Sherlocked is a protector for scripts of any kind (Python, Perl, shell, etc.) that uses a simple XOR with a password. Unless the -r option is used, the key is stored encrypted inside the binary and the script runs without the key having to be supplied manually.
Sherlocked basically takes the script, encrypts it and saves it as an x86_64 ELF executable with anti-debugging code (first stripped of its symbol table and then compressed with UPX).
At runtime the executable temporarily decrypts the script and writes it to a randomly named file in /tmp. It then passes the script and the command-line arguments to the interpreter, and finally deletes the script.
The only "but", if you use a password (the -r option), is that it does not support cmdline arguments, although that could be implemented.
And while we are at it, as improvements you could use a real stream cipher such as Salsa20 instead of the simple XOR and, to annoy AVs, modify the stub with gen_shellcode.c, which converts the compiled ./stub into stub_shellcode.h.
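As an added illustration (not code from the Sherlocked project), the Python below models the protection as a repeating-key XOR of the script bytes with the password and shows why that is no real protection of the script contents: the shebang line of any script is plaintext an analyst can predict, so XORing it against the start of the encrypted blob hands back the password and, with it, the whole script. That Sherlocked's on-disk format is exactly a repeating-key XOR is an assumption of this example; the sample script, password and shebang are constructed.

```python
from itertools import cycle
from typing import Optional, Tuple

# Constructed sample: a script like the one the post protects, and a
# password of the kind the usage example shows.
SAMPLE_SCRIPT = b"#!/usr/bin/python\nprint 'hello I am a python script'\n"
PASSWORD = b"p4ssw0rd"
SHEBANG = b"#!/usr/bin/python\n"  # predictable plaintext for a Python script


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR (assumed model of the packer's 'encryption').

    The same function encrypts and decrypts, since x ^ k ^ k == x."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery of a key of length key_len.

    With a repeating key, ciphertext[i] ^ plaintext[i] == key[i % key_len],
    so the first key_len bytes of known plaintext yield the key directly."""
    if key_len > len(known_prefix):
        raise ValueError("known plaintext shorter than the key length")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix[:key_len]))


def is_text(data: bytes) -> bool:
    """Sanity check used to reject wrong key lengths: scripts are printable."""
    return all(32 <= b < 127 or b in b"\n\r\t" for b in data)


def recover_script(ciphertext: bytes, known_prefix: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Try every key length the known prefix can cover and return
    (key, plaintext) for the first candidate that reproduces the prefix and
    decrypts to text. A key longer than the known prefix is only partly
    exposed by the shebang alone (more known lines, e.g. imports, extend it)."""
    for key_len in range(1, len(known_prefix) + 1):
        key = recover_key(ciphertext, known_prefix, key_len)
        plain = xor_with_key(ciphertext, key)
        if plain.startswith(known_prefix) and is_text(plain):
            return key, plain
    return None


def demo() -> Optional[Tuple[bytes, bytes]]:
    """Protect the sample script, then recover key and script from the
    ciphertext and the shebang alone."""
    protected = xor_with_key(SAMPLE_SCRIPT, PASSWORD)
    return recover_script(protected, SHEBANG)


if __name__ == "__main__":
    result = demo()
    if result is None:
        print("recovery failed")
    else:
        key, script = result
        print("recovered key:   ", key.decode())
        print("recovered script:", script.decode(), end="")
```

The recovery does not depend on where the key lives, so it applies equally to the default mode (key stored in the binary) and to -r (key typed by the user); this is why the suggestion above to swap in a real stream cipher such as Salsa20 matters. From the defensive side, note that the cipher choice changes nothing about the runtime behaviour the post describes: the decrypted script is written to /tmp and handed to the interpreter, so an interpreter launched on a short-lived randomly named file in /tmp is the observable to watch for, whatever the protection used.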
Compile:
make
Usage:
./sherlocked [-r]
<infile>     <-> The script file
<outfile>     <-> The protected output file
<key>        <-> The key string used to encrypt the script
[-r]         <-> Require the user who runs the protected executable supplies the key for it to run I.E ./script.elf <key>
Example of use, protecting a Python script:
ryan@elfmaster:~/git/sherlocked$ ./script.py
hello I am a python script
ryan@elfmaster:~/git/sherlocked$ ./sherlocked script.py script.elf p4ssw0rd /usr/bin/python -r
[+] The user who executes script.elf must supply password: p4ssw0rd
[+] Encoding payload data
[+] Encoding payload struct
[+] Building msg program
[+] utils/stripx exists, so using it to strip section headers off of DRM archive
[+] /usr/bin/upx exists, so using it to compress script.elf
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2013
UPX 3.91        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 30th 2013

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   5003224 ->    324236    6.48%  linux/ElfAMD   script.elf                    

Packed 1 file.
Successfully created script.elf
ryan@elfmaster:~/git/sherlocked$ ./script.elf
This message requires that you supply a key to decrypt
ryan@elfmaster:~/git/sherlocked$ ./script.elf p4ssw0rd
hello I am a python script
ryan@elfmaster:~/git/sherlocked$ 
