
Saturday, June 3, 2023

Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes that perform huge loops of millions of emulated instructions to resolve APIs or for other stuff.

The emulator is written in Rust, as are all of its few dependencies, so Rust's safety guarantees are a good fit for emulating malware.

Some shellcodes can be emulated from beginning to end, but when this is not possible the tool has many features that can be used, such as a console, memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu



In less than two seconds we have emulated 7 million instructions, arriving at the recv.

At this point we have some IOCs, such as the ip:port it is connecting to, and other details.

Let's see what happens after the recv() by spawning a console at position 7,012,204:


target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204



In the console, pressing "enter" several times steps into the next instructions, and we arrive at a return instruction.


Let's see the stack at this moment:


The "ret" instruction is going to jump to the buffer read with recv(), so it is a kind of stager.

The option "-e" or "--endpoint" is not ready yet; it will allow proxying the calls to get the next stage automatically. For now we have the details needed to get the stage.


SCEMU also identifies all the Linux syscalls for 32-bit shellcodes:



The encoder used in shellgen is also supported: https://github.com/MarioVilas/shellgen

Let's check with cobalt-strike:


We can see where it is connecting and which headers it is using, so right now we can replicate the communications.



In verbose mode we can run several greps to see the calls and correlate them with ghidra/ida/radare, or, for example, grep the branches to study the emulation flow.


target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j


target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l


The -l / --loops option makes the emulation a bit slower but tracks the number of iterations.

It is possible to print all the registers at every step with -r or --registers, and it is also possible to track a specific register, for example with --reg esi


target/release/scemu -f shellcodes/shikata.bin --reg esi 


In this case the ESI register points to the API name; if we track EAX or ECX we will see that they are the loop counters. These shellcodes contain a hard loop to locate the API names.

The flag -i or --inspect allows monitoring memory using expressions like "dword ptr [eax + 0xa]"

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'
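
What an inspect expression such as "dword ptr [eax + 0xa]" resolves to, shown as an added example that is not scemu's own code: the registers are summed into an effective address and a little-endian value of the given width is read from it. The State struct, the inspect and sample_state functions, and all register and memory values are constructed for illustration.

```rust
use std::collections::HashMap;

/// Constructed emulator state: named 32-bit registers and one flat memory region.
struct State {
    regs: HashMap<&'static str, u32>,
    base: u32, // address of mem[0]
    mem: Vec<u8>,
}

/// Evaluate an operand such as "dword ptr [eax + 0xa]"; returns (address, value).
fn inspect(st: &State, expr: &str) -> Result<(u32, u32), String> {
    let e = expr.trim().to_lowercase();
    let (size, rest) = e.split_once(" ptr ").ok_or("expected '<size> ptr [..]'")?;
    let width = match size.trim() {
        "byte" => 1, "word" => 2, "dword" => 4,
        other => return Err(format!("unsupported size '{other}'")),
    };
    let inner = rest.trim().strip_prefix('[').and_then(|s| s.strip_suffix(']'))
        .ok_or("expected [..]")?;
    // Sum the terms; "-" is rewritten to "+-" so every term is split on '+'.
    let mut addr: u32 = 0;
    for term in inner.replace('-', "+-").split('+') {
        let t = term.trim();
        if t.is_empty() { continue; }
        let (neg, t) = match t.strip_prefix('-') { Some(r) => (true, r.trim()), None => (false, t) };
        let v = if let Some(r) = st.regs.get(t) { *r }
            else if let Some(h) = t.strip_prefix("0x") { u32::from_str_radix(h, 16).map_err(|e| e.to_string())? }
            else { t.parse::<u32>().map_err(|e| e.to_string())? };
        addr = if neg { addr.wrapping_sub(v) } else { addr.wrapping_add(v) };
    }
    // Bounds-check before reading: the pointer is controlled by the shellcode.
    let off = addr.checked_sub(st.base).ok_or("address below mapped region")? as usize;
    let bytes = st.mem.get(off..off + width).ok_or("address outside mapped region")?;
    // x86 is little-endian: the lowest address holds the least significant byte.
    let val = bytes.iter().rev().fold(0u32, |acc, b| (acc << 8) | *b as u32);
    Ok((addr, val))
}

/// Constructed sample: ESI points at the ASCII string "recv" inside the region.
fn sample_state() -> State {
    let mut mem = vec![0u8; 32];
    mem[4..8].copy_from_slice(b"recv");
    let regs = HashMap::from([("esi", 0x0040_1004), ("eax", 0x0040_0ffa)]);
    State { regs, base: 0x0040_1000, mem }
}

fn main() {
    println!("{:x?}", inspect(&sample_state(), "dword ptr [eax + 0xa]"));
}
```
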

And more things to come... Find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs




