Friday, May 26, 2023

Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, which run huge loops of millions of emulated instructions to resolve APIs or for other purposes.

The emulator is written in Rust, as are its few dependencies, so Rust's memory safety is a good fit for emulating malware.

Some shellcodes can be emulated from beginning to end; when that is not possible, the tool offers many features that help, such as a console, memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu



In less than two seconds we have emulated 7 million instructions, arriving at the recv().

At this point we already have some IOCs, like the ip:port it is connecting to, and other details.

Let's see what happens after the recv() by spawning a console at position 7,012,204:


target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204



In the console, pressing "enter" several times single-steps through the following instructions, and we arrive at a return instruction.


Let's look at the stack at this moment:


The "ret" instruction is going to jump into the buffer read with recv(), so this is a kind of stager.
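The stager check described above can be expressed as a simple rule over what an API hook records: a `ret` whose target falls inside a region that recv() just filled is a jump into network-supplied data. The following is an added example written for this post, not scemu's own code; the `RecvBuffer` record, the flat 32-bit stack image and the addresses in `sample_scenario` are constructed for illustration.

```rust
/// A region that an emulated recv() filled, as an API hook would record it.
/// Constructed record for this example, not scemu's own hook type.
#[derive(Debug, Clone, Copy)]
pub struct RecvBuffer {
    pub socket: u32,
    pub addr: u32,
    pub len: u32,
}

#[derive(Debug, PartialEq)]
pub enum RetVerdict {
    /// Return address is ordinary code.
    Normal,
    /// Return address lies inside data received from the network: stager behaviour.
    StagerJump { socket: u32, buffer: u32, offset: u32 },
}

/// Read the 32-bit return address at esp from a flat little-endian stack image
/// whose first byte lives at `stack_base`. Returns None when the read would
/// fall outside the image.
pub fn ret_target(stack_base: u32, stack: &[u8], esp: u32) -> Option<u32> {
    let off = esp.checked_sub(stack_base)? as usize;
    let b = stack.get(off..off + 4)?;
    Some(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

/// Decide whether a `ret` to `target` lands in any buffer that recv() wrote.
pub fn classify_ret(target: u32, buffers: &[RecvBuffer]) -> RetVerdict {
    for buf in buffers {
        let end = buf.addr.saturating_add(buf.len);
        if target >= buf.addr && target < end {
            return RetVerdict::StagerJump {
                socket: buf.socket,
                buffer: buf.addr,
                offset: target - buf.addr,
            };
        }
    }
    RetVerdict::Normal
}

/// Constructed scenario: recv() filled 4 KiB at 0x00300000 on socket 4, and the
/// stack holds a saved value followed by the return address 0x00300000.
pub fn sample_scenario() -> (RecvBuffer, u32, Vec<u8>, u32) {
    let buf = RecvBuffer { socket: 4, addr: 0x0030_0000, len: 0x1000 };
    let stack_base = 0x0012_ff00;
    let mut stack = 0xdead_beef_u32.to_le_bytes().to_vec();
    stack.extend_from_slice(&0x0030_0000_u32.to_le_bytes());
    // esp points at the return address, one dword above the saved value.
    (buf, stack_base, stack, stack_base + 4)
}

fn main() {
    let (buf, base, stack, esp) = sample_scenario();
    let target = ret_target(base, &stack, esp).expect("esp inside stack image");
    println!("ret -> {:#010x}: {:?}", target, classify_ret(target, &[buf]));
}
```

Hooking this rule to the emulator's `ret` handling turns the manual stack inspection into an automatic "stager" verdict that also tells you which socket and which offset into the received data the next stage starts at.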

The option "-e" or "--endpoint" is not ready yet; it will proxy the calls to fetch the next stage automatically, but for now we already have the details needed to get the stage.


SCEMU also identifies all the Linux syscalls in 32-bit shellcodes:



The encoder used in shellgen is also supported: https://github.com/MarioVilas/shellgen

Let's check with cobalt-strike:


We can see where it is connecting and which headers it is using, so right now we can replicate the communications.



In verbose mode we can do several greps to see the calls and correlate them with ghidra/ida/radare, or for example grep the branches to study the emulation flow.


target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j


target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l


The -l or --loops option makes the emulation a bit slower but tracks the number of iterations.
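What iteration tracking amounts to, as an added example and not scemu's implementation of --loops: every taken branch whose target is at or below the branch address is a back-edge, so counting back-edges per (header, branch) pair gives the iteration count of each loop, and remembering the emulation position of the last back-edge tells you where the loop ends, which is the position you would hand to -c. The `Step` shape and the trace in `sample_trace` are constructed for this example.

```rust
use std::collections::BTreeMap;

/// One emulated instruction as a trace consumer would see it. Constructed shape
/// for this example, not scemu's internal instruction type.
#[derive(Debug, Clone, Copy)]
pub struct Step {
    /// Emulation position (1-based instruction count), the unit `-c` takes.
    pub pos: u64,
    /// Address of the instruction.
    pub addr: u64,
    /// Target of a taken branch, if this instruction branched.
    pub taken_to: Option<u64>,
}

/// Back-edge counters keyed by (loop header, branch address).
#[derive(Debug, Default)]
pub struct LoopStats {
    pub back_edges: BTreeMap<(u64, u64), u64>,
    pub last_pos: BTreeMap<(u64, u64), u64>,
}

impl LoopStats {
    /// A taken branch whose target is at or below the branch address is a
    /// back-edge, i.e. one more iteration of the loop headed at `target`.
    pub fn feed(&mut self, step: &Step) {
        if let Some(target) = step.taken_to {
            if target <= step.addr {
                let key = (target, step.addr);
                *self.back_edges.entry(key).or_insert(0) += 1;
                self.last_pos.insert(key, step.pos);
            }
        }
    }

    /// Hottest loop as (header, branch address, back-edges taken, position of
    /// the last back-edge).
    pub fn hottest(&self) -> Option<(u64, u64, u64, u64)> {
        self.back_edges
            .iter()
            .max_by_key(|(_, n)| **n)
            .map(|(&(hdr, br), &n)| (hdr, br, n, self.last_pos[&(hdr, br)]))
    }
}

pub fn count_loops(trace: &[Step]) -> LoopStats {
    let mut stats = LoopStats::default();
    for s in trace {
        stats.feed(s);
    }
    stats
}

/// Constructed trace: a four-instruction API-hashing loop at 0x100..0x108 that
/// runs five times (jnz back to 0x100 taken four times), then two straight-line
/// instructions.
pub fn sample_trace() -> Vec<Step> {
    let body = [0x100u64, 0x102, 0x105, 0x108];
    let mut trace = Vec::new();
    let mut pos = 0u64;
    for iteration in 0..5 {
        for &addr in &body {
            pos += 1;
            let taken_to = if addr == 0x108 && iteration < 4 { Some(0x100) } else { None };
            trace.push(Step { pos, addr, taken_to });
        }
    }
    for &addr in &[0x10au64, 0x10c] {
        pos += 1;
        trace.push(Step { pos, addr, taken_to: None });
    }
    trace
}

fn main() {
    let stats = count_loops(&sample_trace());
    if let Some((hdr, br, n, pos)) = stats.hottest() {
        println!("loop {:#x}..{:#x}: {} back-edges, last one at position {}", hdr, br, n, pos);
    }
}
```

The extra map lookups per branch are why a tracker like this costs some speed; the payoff is that a multi-million-iteration API-hashing loop shows up as a single line with its exit position instead of millions of trace lines.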

It is possible to print all the registers at every step with -r or --registers, but it is also possible to track a specific register, for example with --reg esi:


target/release/scemu -f shellcodes/shikata.bin --reg esi 


In this case the ESI register points to the API name; if we track EAX or ECX we will see that they are the loop counters. These shellcodes contain a hard loop to locate the API names.

The flag -i or --inspect allows monitoring memory using expressions like "dword ptr [eax + 0xa]":

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'
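How an inspect expression of this form gets resolved, as an added example that is not scemu's own parser: split the width from the bracketed operand, split the base register from an optional signed displacement, add the displacement to the register value, and read that many bytes little-endian from memory. The `Memory` region, the register map and the values in the usage below are constructed; the example handles the byte/word/dword/qword widths and a `+` or `-` displacement, and returns None for a malformed expression, an unknown register or a read that leaves the region.

```rust
use std::collections::HashMap;

/// Width of a memory operand, as written in Intel syntax.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Width {
    Byte,
    Word,
    Dword,
    Qword,
}

/// A parsed expression such as `dword ptr [esi + 0xa]`.
#[derive(Debug, PartialEq)]
pub struct MemExpr {
    pub width: Width,
    pub base: String,
    pub disp: i64,
}

/// Parse `<width> ptr [<reg> (+|-) <disp>]`; None on anything else.
pub fn parse_inspect(expr: &str) -> Option<MemExpr> {
    let s = expr.trim().to_ascii_lowercase();
    let (width_str, rest) = s.split_once(" ptr ")?;
    let width = match width_str.trim() {
        "byte" => Width::Byte,
        "word" => Width::Word,
        "dword" => Width::Dword,
        "qword" => Width::Qword,
        _ => return None,
    };
    let inner = rest.trim().strip_prefix('[')?.strip_suffix(']')?.trim();
    // The register name ends at the first '+' or '-'; the rest is the displacement.
    let (base, disp) = match inner.find(|c: char| c == '+' || c == '-') {
        Some(pos) => {
            let sign = if inner.as_bytes()[pos] == b'-' { -1 } else { 1 };
            let value = parse_number(inner[pos + 1..].trim())?;
            (inner[..pos].trim().to_string(), sign * value)
        }
        None => (inner.to_string(), 0),
    };
    if base.is_empty() {
        return None;
    }
    Some(MemExpr { width, base, disp })
}

/// Accept `0x..` hex or plain decimal displacements.
fn parse_number(s: &str) -> Option<i64> {
    match s.strip_prefix("0x") {
        Some(hex) => i64::from_str_radix(hex, 16).ok(),
        None => s.parse::<i64>().ok(),
    }
}

/// Flat little-endian memory region starting at `base`. Constructed for the
/// example, not scemu's memory model.
pub struct Memory {
    pub base: u64,
    pub bytes: Vec<u8>,
}

/// Evaluate the expression against a register file and memory; None when the
/// base register is unknown or the read would fall outside the region.
pub fn inspect(expr: &MemExpr, regs: &HashMap<&str, u64>, mem: &Memory) -> Option<u64> {
    let base = *regs.get(expr.base.as_str())?;
    let addr = base.wrapping_add(expr.disp as u64);
    let size = match expr.width {
        Width::Byte => 1,
        Width::Word => 2,
        Width::Dword => 4,
        Width::Qword => 8,
    };
    let off = addr.checked_sub(mem.base)? as usize;
    let slice = mem.bytes.get(off..off.checked_add(size)?)?;
    // Little-endian reassembly, the same byte order the emulated x86 code sees.
    Some(slice.iter().rev().fold(0u64, |acc, b| (acc << 8) | *b as u64))
}

fn main() {
    // Constructed state: 32 bytes of memory at 0x1000 holding the values 0..31.
    let mem = Memory { base: 0x1000, bytes: (0..32u8).collect() };
    let regs = HashMap::from([("esi", 0x1000u64), ("eax", 0x1010u64)]);
    let e = parse_inspect("dword ptr [esi + 0xa]").expect("valid expression");
    println!("{:?} -> {:?}", e, inspect(&e, &regs, &mem).map(|v| format!("{:#x}", v)));
}
```

Re-evaluating the expression after every emulated instruction and printing only when the value changes is what makes this kind of watch useful against the API-resolution loops above: you see each API name as the shellcode walks to it, without reading millions of trace lines.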

And more things to come...  find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs




