Shulou(Shulou.com)06/03 Report--

This article introduces the relevant knowledge of "how to use nim-lang kill-free test". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Nim-lang kill-free test: callback function combined with steganography

Is to hide shellcode, such as beacon.bin, in a PNG image, of course, after being encrypted by AES before embedding the image. At run time, the shellcode is extracted and finally injected into shellcode through callback.

Steganography

I wanted to use https://github.com/treeform/steganography directly, but I ruthlessly reported an error:

Reading the code found that, in fact, the information is hidden in the PNG picture each pixel RGBA in the lowest two bits, so a pixel can hide 8 bits, that is, 1 byte of data. Another pit is how to identify how much data is embedded and finally decide to save the size of the embedded data with the first 8 bytes. The code for this part is kept in lsb.nim.

The encryption and decryption part uses AES256-CTR and refers to the encrypt_decrypt_bin.nim of OffensiveNim.

Generate encrypted pictures

Compile lsb.nim

Nim c-d:realese-- opt:size-- cpu:amd64 lsb.nim

Generate encrypted pictures

Restore a file

Compared with the restored file, it is found that the hash is consistent with the original file, which shows that it is correct.

Inject shellcode

Note: the local test has updated windows 10 defender to the latest (if the first time is unsuccessful, you can try a second time).

Currently, there are 17 built-in methods to inject shellcode through callback, and the runtime chooses one as soon as possible. The implementation of this part can be found in my previous article, Shellcode Injection via Callbacks.

Compile letsgo.nim

Nim c-d:realese-d:ssl-opt:size-cpu:amd64 letsgo.nim

This is the end of the content of "how to use nim-lang kill-free test". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.