Wednesday 10 August 2016

GSoC Work Submission

Hello,

This is the direct link to all the work that is done during GSOC period :
PR Link: https://github.com/zscproject/OWASP-ZSC/pulls?utf8=%E2%9C%93&q=is%3Apr%20is%3Aclosed%20author%3APratik151%20created%3A2016-05-23..2016-08-15

Commits link : https://github.com/zscproject/OWASP-ZSC/commits?author=Pratik151&page=1

First part of my project was writing Windows Shellcode, It was great part to learn about shellcode as I didn't have much knowledge about shellcode before I started contributing to ZSC.

At first I created Opcoder which converts the assembly code to opcodes - https://github.com/zscproject/OWASP-ZSC/blob/master/lib/opcoder/windows_x86.py

Then I created Windows Execute Shellcode which takes parameter as filename to be executed to generate shellcode - https://github.com/zscproject/OWASP-ZSC/blob/master/lib/generator/windows_x86/exec.py

Next was create directory Shellcode - https://github.com/zscproject/OWASP-ZSC/blob/master/lib/generator/windows_x86/dir_create.py

The other Shellcode's which were done are :
creating file  - https://github.com/zscproject/OWASP-ZSC/pull/47
Downloading file - https://github.com/zscproject/OWASP-ZSC/pull/48
Download and Execute - https://github.com/zscproject/OWASP-ZSC/pull/49
Add Admin - https://github.com/zscproject/OWASP-ZSC/pull/50
Disable Firewall - https://github.com/zscproject/OWASP-ZSC/pull/51

Next I started working on obfuscation modules. Created Reverse hex and reverse base64 obfuscation modules for Ruby, Python, Perl, Javascript and php. Here are the PR's :
https://github.com/zscproject/OWASP-ZSC/pull/60
https://github.com/zscproject/OWASP-ZSC/pull/62
https://github.com/zscproject/OWASP-ZSC/pull/63

I had to work on other obfuscation modules but as ZSC tool got accepted in DEFCON we had to make Windows Shellcode part complete as that was to be presented. There were no encoding modules for Shellcode but as it was needed to complete Windows Shellcode part I started working on Encoding part.
Here are the Encoding module that were created :
Xor random - https://github.com/zscproject/OWASP-ZSC/pull/64  https://github.com/zscproject/OWASP-ZSC/pull/70
Add random - https://github.com/zscproject/OWASP-ZSC/pull/73
Sub random - https://github.com/zscproject/OWASP-ZSC/pull/78
xor yourvalue - https://github.com/zscproject/OWASP-ZSC/pull/79
inc and dec encodes - https://github.com/zscproject/OWASP-ZSC/pull/103/commits/e0364d3cda3b30caeabc06773586ec1914b96798
inc yourvalue and dec yourvalue - https://github.com/zscproject/OWASP-ZSC/pull/103/commits/4c49c10c29506ea9e49df6fcdcec86b1c5d26ee2
Add yourvalue and sub yourvalue - https://github.com/zscproject/OWASP-ZSC/pull/103/commits/61a5b2ff49c021bcb5b7bc65042547e71bf0a6d5

After Encoding modules part as I didn't have much time to add complex obfuscation module I started working on simple ascii obfuscation module  and here is the PR - https://github.com/zscproject/OWASP-ZSC/pull/103

If you are interested in contributing/learning more about the tool refer the documentation : https://ali-razmjoo.gitbooks.io/owasp-zsc/content/

It was great experience to work on ZSC tool as I learned many things about exploits, Shellcode etc., I would like to thanks OWASP Organizations, my mentors Brian for helping me to learn about shellcode and clearing my doubts, Johanna is great leader who is doing everything she can for ZSC and also Ali for helping me with project, also reviewing PR's and for creating this tool :). GSoC will be ending but I will still be contributing to ZSC tool. Next couple of months ZSC tool will be still having new changes as it is likely to participate in BlackHat Arsenal EU (Johanna applied for it already) and we can add some new features to the tool. Also we have working API and osx shellcode added to tool. Thanks to Akash Trehan for adding osx module.


No comments:

Post a Comment