Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Dynamic key XOR Encoder

🗓️ 01 Sep 2018 01:17:15Reported by lupman, phraType 
metasploit
 metasploit🔗 www.rapid7.com👁 86 Views

Dynamic key XOR Encoder, x64 with dynamic key siz

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Encoder::XorDynamic

  def initialize
    super(
      'Name'             => 'Dynamic key XOR Encoder',
      'Description'      => 'An x64 XOR encoder with dynamic key size',
      'Author'           => [ 'lupman', 'phra' ],
      'Arch'             => ARCH_X64,
      'License'          => MSF_LICENSE
      )
  end

  # Indicate that this module can preserve some registers
  # ...which is currently not true. This is a temp fix
  # until the full preserve_registers functionality is
  # implemented.
  def can_preserve_registers?
    true
  end

  def stub
    "\xeb\x27" +             #        jmp    _call
    "\x5b" +                 # _ret:  pop    rbx
    "\x53" +                 #        push   rbx
    "\x5f" +                 #        pop    rdi
    "\xb0\x41" +             #        mov    al, 'A'
    "\xfc" +                 #        cld
    "\xae" +                 # _lp1:  scas   al, BYTE PTR es:[rdi]
    "\x75\xfd" +             #        jne    _lp1
    "\x57" +                 #        push   rdi
    "\x59" +                 #        pop    rcx
    "\x53" +                 # _lp2:  push   rbx
    "\x5e" +                 #        pop    rsi
    "\x8a\x06" +             # _lp3:  mov    al, BYTE PTR [rsi]
    "\x30\x07" +             #        xor    BYTE PTR [rdi], al
    "\x48\xff\xc7" +         #        inc    rdi
    "\x48\xff\xc6" +         #        inc    rsi
    "\x66\x81\x3f\x42\x42" + #        cmp    WORD PTR [rdi], 'BB'
    "\x74\x07" +             #        je     _jmp
    "\x80\x3e\x41" +         #        cmp    BYTE PTR [rsi], 'A'
    "\x75\xea" +             #        jne    _lp3
    "\xeb\xe6" +             #        jmp    _lp2
    "\xff\xe1" +             # _jmp:  jmp    rcx
    "\xe8\xd4\xff\xff\xff"   # _call: call   _ret
  end

  def stub_key_term
    /A/
  end

  def stub_payload_term
    /BB/
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Dec 2018 00:02Current
7.1High risk
Vulners AI Score7.1
metasploitencoderx64dynamic keyxormoduleencoderkeysizesourcegithubregistersstubexploit
86