master
six 2021-10-06 15:16:08 +02:00
parent e65c1ed5ce
commit ca864aa4d5
2 changed files with 124 additions and 2 deletions

View File

@ -1,3 +1,25 @@
# dEncExDelRe # dEncexdel
Decrypt|Encrypt|Execute|Delete|Return dEncexdel encrypts a linux executable or decrypts it into memory, executes it and deletes the decrypted file.
Practical uses: execute a service from memory without storing the plain source or the binary on disk, secure a PoC exploit.
dEncexdel uses /dev/shm/.
Wins:
- You can have executables that are encrypted.
- Does not write to the physical drive, but to memory.
Limitations:
- Goes only as far as execution.
- The executed binary can still be read from memory by root (eg. cat /proc/PID/bin > /tmp/bin)
# usage
Be careful, -e overwrites the passed executable
python3 dEncexdel.py -e executable # encrypt
python3 dEncexdel.py -x executable # decrypt and execute
python3 dEncexdel.py -r executable # just stdout the decrypted data

100
dEncexdel.py 100644
View File

@ -0,0 +1,100 @@
#!/usr/bin/python3
# dEncexdel by six
# version: 1.1
import getpass
import argparse
import base64
from cryptography.fernet import Fernet
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
# Taking arguments from the user
parser = argparse.ArgumentParser()
parser.add_argument("-e", help="Encrypt the executable")
parser.add_argument("-x", help="Decrypt, execute and delete")
parser.add_argument("-r", help="Read and print the decrypted data to stdout")
args = parser.parse_args()
passkey = getpass.getpass("Passkey: ")
# Building the key for Fernet
passkey = passkey.encode()
salt = b'\x05bWB\xc5i\x8b\x8dy\xd5\xe3[~\\Z\x10' # You want to change this and possibly store salts in a database
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend()
)
key = base64.urlsafe_b64encode(kdf.derive(passkey)) # Fernet(key) requires to be a base64 urlsafe string
f = Fernet(key)
# Encryption, overwrites the original file
def encrypt(filename, key):
f = Fernet(key)
with open(filename, "rb") as file:
file_data = file.read()
encrypted_data = f.encrypt(file_data)
with open(filename, "wb") as file:
file.write(encrypted_data)
# Decryption to /dev/shm/dEncexdel/<filename>
def decrypt(filename, key):
# decryption
f = Fernet(key)
with open(filename, "rb") as file:
encrypted_data = file.read()
try:
decrypted_data = f.decrypt(encrypted_data)
except:
print("Wrong passkey")
return
# Print to stdout if -r is used and do not execute
if args.r:
try:
print(decrypted_data.decode('utf-8'))
except:
import sys
sys.stdout.buffer.write(decrypted_data)
return
# Prepare a directory with read permissions to the user only
import os
temp_dir = "/dev/shm/dEncexdel/"
os.mkdir(temp_dir)
os.chmod(temp_dir, 0o700)
# Write out the decrypted executable
filename = temp_dir + filename
with open(filename, "wb") as file:
file.write(decrypted_data)
# Make the temporary file executable
os.chmod(filename, 0o700)
from subprocess import Popen
Popen([filename])
# Wait until binary is loaded but execution not finished
# Let me know if you have a better idea
import time
time.sleep(3)
# Remove the file and the directory
Popen(['rm','-rf',temp_dir])
# Deciding if we encrypt or decrypt and run or just read to stdout
if args.e:
encrypt(args.e, key)
if args.x:
decrypt(args.x, key)
if args.r:
decrypt(args.r, key)