This fourth assignment asks for a custom encoding scheme, similar to the Insertion Encoder used during the SLAE course.
The execve-stack shellcode from the course must be encoded with that scheme and then decoded and executed as a proof of concept.
Assignment
- Create a custom encoding scheme like the “Insertion Encoder”
- PoC with using execve-stack as the shellcode to encode with your schema and execute
Steps taken
- Compiling and generating shellcode for execve-stack
- Using the Insertion Encoder from SLAE
- Selecting a custom encoder and implementing it in a Python script
- Building the decoder in assembly
- Running and checking the results
Chosen encoder
Rolling XOR random byte
I’ve chosen a rolling XOR encoder with a random key byte: first, a Python script randomly chooses a byte between 1 and 255. That byte is then placed as the first byte of the encoded shellcode, and every remaining byte of the original shellcode is XOR’ed with it.
Additionally, the script checks whether the encoded output contains any bad characters.
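The scheme just described, written out as an added Python example (this is not the post's own script): the encoder prefixes a random key byte and XORs the rest, the bad-character check rejects any key whose output contains a forbidden byte, and a matching decoder demonstrates the round trip the assembly stub has to perform. The null byte as the only bad character, the function names and the placeholder shellcode bytes are assumptions for the example; the real input would be the execve-stack shellcode.

```python
import random

# Assumption: the null byte is the only bad character; extend as needed.
BAD_CHARS = frozenset(b"\x00")

# Constructed placeholder bytes standing in for the execve-stack shellcode.
SAMPLE_SHELLCODE = b"\x31\xc0\x50\x68\x41\x42\x43\x44\x89\xe3"


def xor_encode(shellcode: bytes, key: int) -> bytes:
    """Prefix the key byte, then XOR every shellcode byte with that key."""
    if not 1 <= key <= 255:
        raise ValueError("key must be between 1 and 255")
    return bytes([key]) + bytes(b ^ key for b in shellcode)


def xor_decode(encoded: bytes) -> bytes:
    """Undo xor_encode: byte 0 is the key, everything after it is XOR'ed payload."""
    key = encoded[0]
    return bytes(b ^ key for b in encoded[1:])


def has_bad_chars(data: bytes, bad=BAD_CHARS) -> bool:
    """True if any byte of data is in the bad-character set."""
    return any(b in bad for b in data)


def usable_keys(shellcode: bytes, bad=BAD_CHARS) -> list:
    """All keys in 1..255 whose encoded output (key included) is free of bad chars.

    A key equal to any shellcode byte turns that byte into 0x00, so such keys
    are filtered out here automatically.
    """
    return [
        k for k in range(1, 256)
        if k not in bad and not has_bad_chars(xor_encode(shellcode, k), bad)
    ]


def encode_with_random_key(shellcode: bytes, bad=BAD_CHARS, rng=None):
    """Pick a random usable key and return (key, encoded_bytes)."""
    rng = rng or random.SystemRandom()
    keys = usable_keys(shellcode, bad)
    if not keys:
        raise ValueError("no key in 1..255 yields bad-character-free output")
    key = rng.choice(keys)
    return key, xor_encode(shellcode, key)


def to_nasm_db(data: bytes) -> str:
    """Render bytes as a NASM 'db' line for pasting into the decoder stub."""
    return "db " + ",".join(f"0x{b:02x}" for b in data)


if __name__ == "__main__":
    key, encoded = encode_with_random_key(SAMPLE_SHELLCODE)
    print(f"key: 0x{key:02x}")
    print(to_nasm_db(encoded))
    assert xor_decode(encoded) == SAMPLE_SHELLCODE
```

Because the key is chosen from the keys that survive the bad-character check, a fresh run yields a different key and therefore different encoded bytes each time, which is the "rolling" property; the decoder only needs to read the first byte and XOR the remainder with it. If the shellcode happens to contain every value from 0x01 to 0xff, no single key can avoid producing a null, and the encoder reports that instead of emitting a broken payload.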