Παρασκευή 26 Μαΐου 2023

Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, that perform huge loops of millions of instructions emulated for resolving API or for other stuff.

The emulator is in Rust and all the few dependencies as well, so the rust safety is good for emulating malware.  

There are shellcodes that can be emulated from the beginning to the end, but when this is not possible the tool has many features that can be used like a console, a memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu



In less than two seconds we have emulated 7 millions of instructions arriving to the recv. 

At this point we have some  IOC like  the ip:port where it's connecting and other details.

Lets see what happens after the recv() spawning a console at position: 7,012,204


target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204



In the console, pressing "enter" several times to emulate  step into several steps and we arrive to a return instruction.


Let's see the stack in this moment:


The "ret" instruction is going to jump to the buffer read with recv() so is a kind of stager.

The option "-e" or "--endpoint" is not ready for now, but it will allow to proxy the calls to get the next  stage automatically, but for now we have the details to get the stage.


SCEMU also identify all the Linux  syscalls for 32bits shellcodes:



The encoder used in shellgen is also supported https://github.com/MarioVilas/shellgen

Let's check with cobalt-strike:


We can see where is connecting and which headers is using, so right now we can replicate the communications.



In verbose mode we could do several greps to see the calls and correlate with ghidra/ida/radare or  for example grep the branches to study the emulation flow.


target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j


target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l


The -l --loops options makes the emulation a bit slower but track the number of iterations.

Is possible to print all the registers in every step with  -r or --registers  but also is possible to track  specific register for example with --reg esi


target/release/scemu -f shellcodes/shikata.bin --reg esi 


In this case ESI register points to the API name, if we track EAX or ECX will see that are the counters of the loop. These shellcodes  contains a hard loop to locate the API names.

The flag -i or --inspect allow to monitor memory using expressions like "dword ptr [eax + 0xa]"

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'

And more things to come...  find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs





Related posts
  1. Hacker Tools Hardware
  2. Nsa Hacker Tools
  3. Hack Tools Github
  4. Hack Rom Tools
  5. Nsa Hack Tools
  6. Pentest Tools List
  7. Hacker Tools Free
  8. Hacking Tools Kit
  9. Hack Tools Mac
  10. Pentest Tools Website
  11. Tools Used For Hacking
  12. Pentest Tools Apk
  13. Game Hacking
  14. Pentest Tools For Android
  15. Growth Hacker Tools
  16. Hacker Tools Linux
  17. Hak5 Tools
  18. Ethical Hacker Tools
  19. Pentest Tools Review
  20. Hacking Tools Software
  21. Pentest Tools Website
  22. Nsa Hacker Tools
  23. Best Hacking Tools 2020
  24. Pentest Tools Tcp Port Scanner
  25. How To Install Pentest Tools In Ubuntu
  26. Hacking Tools 2020
  27. Hacking Tools Windows 10
  28. Pentest Tools For Windows
  29. Pentest Tools Framework
  30. What Is Hacking Tools
  31. Hacking Tools For Windows 7
  32. Hack And Tools
  33. Pentest Tools Nmap
  34. Hacking Tools For Games
  35. Nsa Hack Tools Download
  36. Hacking Tools For Mac
  37. Hacker Tools For Windows
  38. Hacking Tools For Windows Free Download
  39. Hacking Tools Online
  40. Hack Tools Github
  41. Hacker Tools For Mac
  42. Hacker
  43. Hacking Tools 2020
  44. Hacker Tools For Pc
  45. Hacking Tools For Mac
  46. Hacking App
  47. Hack Tools For Windows
  48. Hacker Tools Apk Download
  49. How To Make Hacking Tools
  50. Hacking Tools For Windows 7
  51. Hacker Tools For Windows
  52. Hack Tool Apk No Root
  53. Underground Hacker Sites
  54. Hack Tools Download
  55. Best Pentesting Tools 2018
  56. Hacking Tools 2019
  57. Hack Tools
  58. Pentest Tools Tcp Port Scanner
  59. Hack Tools For Pc
  60. Pentest Tools For Android
  61. Blackhat Hacker Tools
  62. Hack Tools
  63. Hacking Tools Github
  64. Hacking Tools For Windows Free Download
  65. Bluetooth Hacking Tools Kali
  66. Hack Tool Apk
  67. Hack Tools Pc
  68. Pentest Tools Subdomain
  69. How To Make Hacking Tools
  70. Hacking Tools For Games
  71. Hacking Tools Hardware
  72. Tools 4 Hack
  73. Hacking Tools Kit
  74. Hack Tools For Ubuntu
  75. Hacker Techniques Tools And Incident Handling
  76. Hacking Tools For Windows
  77. What Is Hacking Tools
  78. Pentest Tools For Mac
  79. Hack Tools Github
  80. Pentest Tools List
  81. Pentest Reporting Tools
  82. Hacking Apps
  83. Pentest Tools Url Fuzzer
  84. Nsa Hack Tools
  85. Hacker Tools For Pc
  86. Hackers Toolbox
  87. Hack Tools Github
  88. Black Hat Hacker Tools
  89. Hacking Apps
  90. Pentest Tools Online
  91. Pentest Tools Free
  92. Hacker Tools Apk
  93. Hacker Tools Free
  94. Hack Tool Apk No Root
  95. Hacking Tools 2020
  96. Hacking Tools For Windows 7
  97. Pentest Tools List
  98. Hacking Tools For Beginners
  99. Hacker Tools 2020
  100. Hack Tools For Pc
  101. Hacking Tools Kit
  102. Hack Tools For Games
  103. Free Pentest Tools For Windows
  104. Pentest Tools Free
  105. Nsa Hack Tools
  106. Android Hack Tools Github
  107. Hacking Tools For Windows 7
  108. Hacking Tools Online
  109. Hacker Tools For Ios
  110. Hacker Security Tools
  111. Github Hacking Tools
  112. Hacking Tools 2020
  113. Pentest Tools Windows
  114. Hacker Tools Hardware
  115. Hacker Security Tools
  116. Pentest Tools Website Vulnerability
  117. Hack App
  118. Hack Tools Github
  119. Pentest Tools Website Vulnerability
  120. Hacker Tools 2020
  121. Hacking Tools Usb
  122. Hack Tools For Ubuntu
  123. Pentest Tools Find Subdomains
  124. Tools Used For Hacking
  125. Hacking Tools Github
  126. Pentest Tools Online
  127. Pentest Tools Review
  128. Blackhat Hacker Tools
  129. Hack Tool Apk
  130. Hacker Tools Apk Download
  131. Pentest Tools Nmap
  132. Pentest Tools Subdomain
  133. World No 1 Hacker Software
  134. Tools 4 Hack
  135. Hacking Tools And Software
  136. Best Hacking Tools 2020
  137. Hacking App
  138. Tools Used For Hacking
  139. Hack Tools For Mac
  140. Free Pentest Tools For Windows
  141. Tools For Hacker
  142. Pentest Tools
  143. Hack Apps
  144. Hack Tools Download
  145. Hacker Tools For Ios
  146. Hack Tools For Games
  147. Pentest Tools For Mac
  148. Hack And Tools
  149. World No 1 Hacker Software
  150. Hackrf Tools
  151. Hacks And Tools
  152. Best Pentesting Tools 2018
  153. Underground Hacker Sites
  154. Game Hacking
  155. Pentest Tools Framework
  156. Hacking Tools Software
  157. Hacking Tools Kit
  158. Hacker Tools For Mac
  159. Hacking Tools For Windows
  160. Best Hacking Tools 2019
  161. Android Hack Tools Github
  162. Easy Hack Tools
  163. Hacking Tools For Windows 7
Αναρτήθηκε από στις

Δεν υπάρχουν σχόλια:

Δημοσίευση σχολίου

Εγγραφή σε: Σχόλια ανάρτησης (Atom)