GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/shellcode/windows/x86/src/test_rc4.asm
;-----------------------------------------------------------------------------;
; Author: Michael Schierl (schierlm[at]gmx[dot]de)
; Version: 1.0 (29 December 2012)
;-----------------------------------------------------------------------------;
;
; c1 = OpenSSL::Cipher::Cipher.new('RC4')
; c1.encrypt
; c1.key="Hello, my world!"
; c1.update("This is some magic data you may want to have encoded and decoded again").unpack("H*")
;
; => "882353c5de0f5e6b10bf0d25c432c5d16424dc797e895f37f261c893b31d577e7e69f77e07aa576d58c7f757164e7d74988feb10f972b28dcfa1e3a2b1cc0b0fa1a8b116294b"
;
; c1 = OpenSSL::Cipher::Cipher.new('RC4')
; c1.decrypt
; c1.key="Hello, my world!"
; c1.update(["882353c5de0f5e6b10bf0d25c432c5d16424dc797e895f37f261c893b31d577e7e69f77e07aa576d58c7f757164e7d74988feb10f972b28dcfa1e3a2b1cc0b0fa1a8b116294b"].pack("H*"))
;
; => "This is some magic data you may want to have encoded and decoded again"
;
[BITS 32]
[ORG 0]

;-----------------------------------------------------------------------------;
; Debugger harness for the RC4 decoder in block_rc4.asm (32-bit x86, NASM).
;
; State prepared before the included block runs:
;   ESI = address of the 16-byte key
;   EBP = address of the encrypted data
;   ECX = length of the encrypted data in bytes
;   EDI = address of a 0x100-byte scratch area on the stack for the S-Box
;   DF  = 0
; NOTE(review): presumably this is the input contract of block_rc4.asm; that
; file is not visible from here, so confirm against it.
;
; The key and the ciphertext are fixed test vectors stored in clear next to
; each other, so nothing in this file is secret. Both int 3 instructions raise
; a breakpoint exception, so this is meant to be run under a debugger. The
; S-Box scratch area is never released by this file; execution is expected to
; stop at the final breakpoint.
;-----------------------------------------------------------------------------;

%define SBOX_SIZE   0x100                       ; bytes reserved for the S-Box
%define DATA_LEN    (pushdata - cipher_text)    ; = 70, counted by the assembler

        cld                             ; DF = 0
        call    pushkey                 ; pushed return address = address of the key below
        db      "Hello, my world!"      ; RC4 key (test vector)
pushkey:
        pop     esi                     ; ESI -> key
        call    pushdata                ; pushed return address = address of the data below
cipher_text:                            ; encrypted test vector, 70 bytes
        db      0x88, 0x23, 0x53, 0xc5, 0xde, 0x0f, 0x5e, 0x6b, 0x10, 0xbf
        db      0x0d, 0x25, 0xc4, 0x32, 0xc5, 0xd1, 0x64, 0x24, 0xdc, 0x79
        db      0x7e, 0x89, 0x5f, 0x37, 0xf2, 0x61, 0xc8, 0x93, 0xb3, 0x1d
        db      0x57, 0x7e, 0x7e, 0x69, 0xf7, 0x7e, 0x07, 0xaa, 0x57, 0x6d
        db      0x58, 0xc7, 0xf7, 0x57, 0x16, 0x4e, 0x7d, 0x74, 0x98, 0x8f
        db      0xeb, 0x10, 0xf9, 0x72, 0xb2, 0x8d, 0xcf, 0xa1, 0xe3, 0xa2
        db      0xb1, 0xcc, 0x0b, 0x0f, 0xa1, 0xa8, 0xb1, 0x16, 0x29, 0x4b
pushdata:
        pop     ebp                     ; EBP -> encrypted data
        mov     ecx, DATA_LEN           ; ECX = number of data bytes
        sub     esp, SBOX_SIZE          ; reserve the S-Box scratch area
        mov     edi, esp                ; EDI -> S-Box scratch area
        nop                             ; three padding bytes ahead of the
        nop                             ; breakpoint; the source does not say
        nop                             ; what they are for
        int     3                       ; breakpoint: inspect the registers, then step
        ; the RC4 decoder runs from here
%include "./src/block/block_rc4.asm"
        int     3                       ; breakpoint: EBP should point to decoded data now