Sha256: 5229c216b87a824e453e60d226e76d234d6c59e283c0efc727e71a5dd2fc5a12

Contents?: true

Size: 1.66 KB

Versions: 43

Compression:

Stored size: 1.66 KB

Contents

#!/usr/bin/env ruby

require 'rex/text'

module Rex
module Encoder

# NonAlpha replaces every ASCII letter in a byte buffer with the marker byte
# 0x7B, records the difference in a side table, and prepends an x86 stub that
# undoes the substitution at run time.
class NonAlpha

	# Returns the decoder stub as a string of raw x86 machine code.
	#
	# Two bytes are placeholders that encode() substitutes with gsub!: "A" (the
	# immediate of `add edi`) stands for the table length and "B" (the offset of
	# the final short jmp) for table length + 5; the 5 is the length of the
	# trailing call instruction, which that jump has to skip along with the table.
	#
	# Layout expected at run time: stub, then the offset table, then the encoded
	# bytes. The stub walks the table; for each entry it scans forward to the next
	# 0x7B marker in the encoded bytes and subtracts the table entry from it.
	#
	# Apart from the two placeholder bytes the stub is a constant byte sequence,
	# which makes it usable as a static signature for detecting this encoder.
	def NonAlpha.gen_decoder()
		decoder =
			"\x66\xB9\xFF\xFF" +        # mov cx, 0xFFFF    - Count used by repne scasb
			"\xEB\x19"  +               # jmp +0x19         - To the call at the end of the stub
			"\x5E"      +               # pop esi           - Return addr pushed by the call = table addr
			"\x8B\xFE"  +               # mov edi, esi      - Get table addr
			"\x83\xC7"  + "A" +         # add edi, tablelen - Get shellcode addr
			"\x8B\xD7"  +               # mov edx, edi      - Hold end of table ptr
			"\x3B\xF2"  +               # cmp esi, edx
			"\x7D\x0B"  +               # jge to end        - Table consumed (0x7D is jge, not jle)
			"\xB0\x7B"  +               # mov al, 0x7B      - Set up al with magic
			"\xF2\xAE"  +               # repne scasb       - Find magic!
			"\xFF\xCF"  +               # dec edi           - scasb puts us one ahead
			"\xAC"      +               # lodsb             - al = next table entry, esi advances
			"\x28\x07"  +               # sub [edi], al     - Marker minus offset = original byte
			"\xEB\xF1"  +               # jmp BACK!         - To the cmp esi, edx above
			"\xEB"      + "B" +         # jmp [shellcode]
			"\xE8\xE2\xFF\xFF\xFF"      # call -30          - Back to pop esi; pushes the table addr
	end

	# Encodes one byte value.
	#
	# block    - integer value of the byte to encode
	# table    - string of offsets collected so far
	# tablelen - number of entries in table
	#
	# Returns [encoded_char, table, tablelen]. The caller's table string is not
	# mutated; `+=` builds a new string that is handed back in the result.
	#
	# Raises RuntimeError ("BadChar") when tablelen exceeds 255 or when the input
	# byte is 0x7B itself, since that value is reserved as the marker.
	def NonAlpha.encode_byte(block, table, tablelen)
		if (tablelen > 255) or (block == 0x7B)
			raise RuntimeError, "BadChar"
		end
 
		# A-Z (0x41..0x5A) and a-z (0x61..0x7A) are the only bytes rewritten;
		# everything else passes through unchanged.
		if (block >= 0x41 and block <= 0x5A) or (block >= 0x61 and block <= 0x7A)
			# gen offset, return magic
			offset = 0x7b - block;
			table += offset.chr
			tablelen = tablelen + 1
			block = 0x7B
		end

		return [block.chr, table, tablelen]
	end

	# Encodes buf byte by byte with encode_byte, fills the two placeholders of the
	# stub from gen_decoder, and returns stub + offset table + encoded bytes.
	#
	# NOTE(review): this method looks non-functional as written. each_byte yields
	# Integers, and nothing in this file gives Integer an #unpack method; the two
	# gsub! calls are also passed Integer replacements where String#gsub! expects
	# a String. Confirm against callers before relying on its output.
	def NonAlpha.encode(buf)
		table = ""
		tablelen = 0
		nonascii = ""
		encoded = gen_decoder()
		buf.each_byte { |block|
			newchar, table, tablelen = encode_byte(block.unpack('C')[0], table, tablelen)
			nonascii += newchar
		}
		# "A" -> table length, "B" -> table length + 5 (see gen_decoder).
		encoded.gsub!(/A/, tablelen)
		encoded.gsub!(/B/, tablelen+5)
		encoded += table
		encoded += nonascii
	end

end end end

Version data entries

43 entries across 43 versions & 1 rubygems

Version Path
librex-0.0.4 lib/rex/encoder/nonalpha.rb
librex-0.0.3 lib/rex/encoder/nonalpha.rb
librex-0.0.1 lib/rex/encoder/nonalpha.rb