├── README.md ├── myth.cpp └── myth.gif /README.md: -------------------------------------------------------------------------------- 1 | # Myth 2 | 3 | ## Background 4 | 5 | Myth is an ADD/SUB encoder for generating alphanumeric shellcode. It takes user-supplied shellcode and outputs the assembly instructions, in a Python-friendly format, necessary to push that shellcode onto the stack by iteratively manipulating the EAX register. 6 | 7 | This was mainly an excercise in exploring C++ and trying to make something useful at the same time. Hopefully some CTP/OSCE students get some use out of the tool. 8 | 9 | Inspired by [Slink](https://github.com/ihack4falafel/Slink) and [z3ncoder](https://github.com/marcosValle/z3ncoder). 10 | 11 | ## Use 12 | 13 | Myth accepts shellcode input in the following formats: `545b81ebb90d0000ffd3` or `545B81EBB90D0000FFD3`. 14 | 15 | ## Example 16 | 17 | ![](/myth.gif) 18 | 19 | ## Compiling 20 | 21 | `g++ myth.cpp -o myth` 22 | -------------------------------------------------------------------------------- /myth.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | void ascii () { 7 | 8 | std::random_device rd; 9 | std::mt19937 eng(rd()); 10 | std::uniform_int_distribution<> distr(1, 3); 11 | int choice; 12 | choice = distr(eng); 13 | 14 | if (choice == 1) { 15 | 16 | std::cout << " ,~,\n"; 17 | std::cout << " (((""}\n"; 18 | std::cout << " -''-. \"hello poor human,\n"; 19 | std::cout << " (\\ /\\) let me help you with that\n"; 20 | std::cout << " ~______\\) | `\\ shellcode...\"\n"; 21 | std::cout << " ~~~( | ')\n"; 22 | std::cout << " | )____( |\n"; 23 | std::cout << " /|/ ` /|\n"; 24 | std::cout << " \\ \\ / |\n"; 25 | std::cout << " |\\|\\ /| |\\\n"; 26 | std::cout << "\n"; 27 | } 28 | 29 | else if (choice == 2) { 30 | 31 | std::cout << " ______________ \n"; 32 | std::cout << " ,===:'., `-._ \n"; 33 | std::cout << " \"you woke me `:.`---.__ `-._ \n"; 34 | std::cout << " from my slumber for `:. `--. `. \n"; 35 | std::cout << " this? verywell...\" \\. `. `. \n"; 36 | std::cout << " (,,(, \\. `. ____,-`.,\n"; 37 | std::cout << " (,' `/ \\. ,--.___`.' \n"; 38 | std::cout << " , ,' ,--. `, \\.:' ` \n"; 39 | std::cout << " `""{D, ""{ \\ : \\: \n"; 40 | std::cout << " V,,' / / // \n"; 41 | std::cout << " j:: / ,' ,-//. ,---. , \n"; 42 | std::cout << " \\:' / ,' / _ \\ / _ \\ ,'/ \n"; 43 | std::cout << " \\ `' / \\ `' / \\ `.' / \n"; 44 | std::cout << " `.___,' `.__,' `.__,' \n"; 45 | std::cout << "\n"; 46 | } 47 | 48 | else { 49 | 50 | std::cout << " ,;~;,\n"; 51 | std::cout << " /\\_ \"come with me,\n"; 52 | std::cout << " ( / i'll protect you from\n"; 53 | std::cout << " (() //) the restricted chars...\"\n"; 54 | std::cout << " | \\ ,,;;'\\\n"; 55 | std::cout << " __ _( )m=((((((((((((===============--------\n"; 56 | std::cout << " /' ' '()/~' '.(, |\n"; 57 | std::cout << " ,;( )|| | ~\n"; 58 | std::cout << " ,;' \\ /-(.;, )\n"; 59 | std::cout << " ) / ) /\n"; 60 | std::cout << " // ||\n"; 61 | std::cout << " )_\\ )_\\\n"; 62 | std::cout << "\n"; 63 | 64 | 65 | } 66 | 67 | } 68 | 69 | int main () { 70 | 71 | ascii (); 72 | 73 | std::string str; 74 | std::cout << "Enter your shellcode: "; 75 | std::cin >> str; 76 | std::string varName; 77 | std::cout << "Enter variable name: "; 78 | std::cin >> varName; 79 | int length; 80 | length = (str.length()/2); 81 | 82 | if (length % 4 == 0) { 83 | 84 | //std::cout << "Shellcode is divisble by 4.\n"; 85 | 86 | 87 | } 88 | 89 | else { 90 | 91 | //std::cout << "Shellcode is not divisible by 4, adding NOPs.\n"; 92 | while (length % 4 != 0) { 93 | 94 | str = str.append("90"); 95 | length = (str.length()/2); 96 | 97 | } 98 | 99 | } 100 | 101 | //std::cout << "Final shellcode is: " << str << "\n"; 102 | std::cout << "\n"; 103 | 104 | int trueLen, chunkNum, iterator, multiplier; 105 | trueLen = str.length(); 106 | chunkNum = (trueLen/2)/4; 107 | iterator = 0; 108 | multiplier = 0; 109 | trueLen = trueLen - 1; 110 | 111 | int shellcodeLength = 0; 112 | 113 | //This code will dynamically figure out how many 4 byte sections of code we need to encode, and iterate through the user input string and create a new string that is the reverse order. 114 | while (iterator < chunkNum) { 115 | 116 | std::string payload; 117 | std::string append1; 118 | append1 = (str[trueLen - (multiplier + 1)]); 119 | payload.append(append1); 120 | std::string append2; 121 | append2 = (str[trueLen - (multiplier + 0)]); 122 | payload.append(append2); 123 | std::string append3; 124 | append3 = (str[trueLen - (multiplier + 3)]); 125 | payload.append(append3); 126 | std::string append4; 127 | append4 = (str[trueLen - (multiplier + 2)]); 128 | payload.append(append4); 129 | std::string append5; 130 | append5 = (str[trueLen - (multiplier + 5)]); 131 | payload.append(append5); 132 | std::string append6; 133 | append6 = (str[trueLen - (multiplier + 4)]); 134 | payload.append(append6); 135 | std::string append7; 136 | append7 = (str[trueLen - (multiplier + 7)]); 137 | payload.append(append7); 138 | std::string append8; 139 | append8 = (str[trueLen - (multiplier + 6)]); 140 | payload.append(append8); 141 | 142 | ++iterator; 143 | 144 | multiplier = multiplier + 8; 145 | 146 | //std::cout << "Encoding: [" << payload << "]...\n"; 147 | 148 | //assembling the bytes of the reversed shellcode to check for '\xff' and do arithmetic later... 149 | std::string firstByte; 150 | std::string firstByte1; 151 | std::string firstByte2; 152 | firstByte1 = payload[0]; 153 | firstByte2 = payload[1]; 154 | firstByte.append(firstByte1); 155 | firstByte.append(firstByte2); 156 | 157 | //std::cout << "The first byte of the shellcode is: " << firstByte << "\n"; 158 | 159 | std::string secondByte; 160 | std::string secondByte1; 161 | std::string secondByte2; 162 | secondByte1 = payload[2]; 163 | secondByte2 = payload[3]; 164 | secondByte.append(secondByte1); 165 | secondByte.append(secondByte2); 166 | 167 | //std::cout << "The second byte of the shellcode is: " << secondByte << "\n"; 168 | 169 | std::string thirdByte; 170 | std::string thirdByte1; 171 | std::string thirdByte2; 172 | thirdByte1 = payload[4]; 173 | thirdByte2 = payload[5]; 174 | thirdByte.append(thirdByte1); 175 | thirdByte.append(thirdByte2); 176 | 177 | //std::cout << "The third byte of the shellcode is: " << thirdByte << "\n"; 178 | 179 | std::string fourthByte; 180 | std::string fourthByte1; 181 | std::string fourthByte2; 182 | fourthByte1 = payload[6]; 183 | fourthByte2 = payload[7]; 184 | fourthByte.append(fourthByte1); 185 | fourthByte.append(fourthByte2); 186 | 187 | //std::cout << "The fourth byte of the shellcode is: " << fourthByte << "\n"; 188 | 189 | if (firstByte == "ff" or secondByte == "ff" or thirdByte == "ff" or fourthByte == "ff" or firstByte == "FF" or secondByte == "FF" or thirdByte == "FF" or fourthByte == "FF") { 190 | 191 | if (firstByte == "00" or secondByte == "00" or thirdByte == "00" or fourthByte == "00" or firstByte == "01" or secondByte == "01" or thirdByte == "01" or fourthByte == "01" or firstByte == "02" or secondByte == "02" or thirdByte == "02" or fourthByte == "02") { 192 | 193 | 194 | //starting arithmetic on the first byte 195 | int firstHex = std::stoi (firstByte,nullptr,16); 196 | int firstOperator1, firstOperator2, firstOperator3; 197 | firstHex = firstHex + 9; 198 | firstOperator1 = firstHex/3; 199 | firstOperator2 = firstHex/3; 200 | firstOperator3 = (firstHex - firstOperator1 - firstOperator2); 201 | 202 | //converting the decimal ints back into hex strings 203 | std::stringstream convertOne1; 204 | convertOne1 << std::hex << firstOperator1; 205 | std::string convertedOne1 = convertOne1.str(); 206 | if (convertedOne1.length() == 1) { 207 | 208 | convertedOne1.insert(0, "0"); 209 | 210 | } 211 | std::stringstream convertOne2; 212 | convertOne2 << std::hex << firstOperator2; 213 | std::string convertedOne2 = convertOne2.str(); 214 | if (convertedOne2.length() == 1) { 215 | 216 | convertedOne2.insert(0, "0"); 217 | 218 | } 219 | std::stringstream convertOne3; 220 | convertOne3 << std::hex << firstOperator3; 221 | std::string convertedOne3 = convertOne3.str(); 222 | if (convertedOne3.length() == 1) { 223 | 224 | convertedOne3.insert(0, "0"); 225 | 226 | } 227 | 228 | //starting arithmetic on the second byte 229 | int secondHex = std::stoi (secondByte,nullptr,16); 230 | int secondOperator1, secondOperator2, secondOperator3; 231 | secondHex = secondHex + 9; 232 | secondOperator1 = secondHex/3; 233 | secondOperator2 = secondHex/3; 234 | secondOperator3 = (secondHex - secondOperator1 - secondOperator2); 235 | 236 | //converting the decimal ints back into hex strings 237 | std::stringstream convertTwo1; 238 | convertTwo1 << std::hex << secondOperator1; 239 | std::string convertedTwo1 = convertTwo1.str(); 240 | if (convertedTwo1.length() == 1) { 241 | 242 | convertedTwo1.insert(0, "0"); 243 | 244 | } 245 | std::stringstream convertTwo2; 246 | convertTwo2 << std::hex << secondOperator2; 247 | std::string convertedTwo2 = convertTwo2.str(); 248 | if (convertedTwo2.length() == 1) { 249 | 250 | convertedTwo2.insert(0, "0"); 251 | 252 | } 253 | std::stringstream convertTwo3; 254 | convertTwo3 << std::hex << secondOperator3; 255 | std::string convertedTwo3 = convertTwo3.str(); 256 | if (convertedTwo3.length() == 1) { 257 | 258 | convertedTwo3.insert(0, "0"); 259 | 260 | } 261 | 262 | //starting arithmetic on the third byte 263 | int thirdHex = std::stoi (thirdByte,nullptr,16); 264 | int thirdOperator1, thirdOperator2, thirdOperator3; 265 | thirdHex = thirdHex + 9; 266 | thirdOperator1 = thirdHex/3; 267 | thirdOperator2 = thirdHex/3; 268 | thirdOperator3 = (thirdHex - thirdOperator1 - thirdOperator2); 269 | 270 | //converting the decimal ints back into hex strings 271 | std::stringstream convertThree1; 272 | convertThree1 << std::hex << thirdOperator1; 273 | std::string convertedThree1 = convertThree1.str(); 274 | if (convertedThree1.length() == 1) { 275 | 276 | convertedThree1.insert(0, "0"); 277 | 278 | } 279 | std::stringstream convertThree2; 280 | convertThree2 << std::hex << thirdOperator2; 281 | std::string convertedThree2 = convertThree2.str(); 282 | if (convertedThree2.length() == 1) { 283 | 284 | convertedThree2.insert(0, "0"); 285 | 286 | } 287 | std::stringstream convertThree3; 288 | convertThree3 << std::hex << thirdOperator3; 289 | std::string convertedThree3 = convertThree3.str(); 290 | if (convertedThree3.length() == 1) { 291 | 292 | convertedThree3.insert(0, "0"); 293 | 294 | } 295 | 296 | //starting arithmetic on the fourth byte 297 | int fourthHex = std::stoi (fourthByte,nullptr,16); 298 | int fourthOperator1, fourthOperator2, fourthOperator3; 299 | fourthHex = fourthHex + 9; 300 | fourthOperator1 = fourthHex/3; 301 | fourthOperator2 = fourthHex/3; 302 | fourthOperator3 = (fourthHex - fourthOperator1 - fourthOperator2); 303 | 304 | //converting the decimal ints back into hex strings 305 | std::stringstream convertFour1; 306 | convertFour1 << std::hex << fourthOperator1; 307 | std::string convertedFour1 = convertFour1.str(); 308 | if (convertedFour1.length() == 1) { 309 | 310 | convertedFour1.insert(0, "0"); 311 | 312 | } 313 | std::stringstream convertFour2; 314 | convertFour2 << std::hex << fourthOperator2; 315 | std::string convertedFour2 = convertFour2.str(); 316 | if (convertedFour2.length() == 1) { 317 | 318 | convertedFour2.insert(0, "0"); 319 | 320 | } 321 | std::stringstream convertFour3; 322 | convertFour3 << std::hex << fourthOperator3; 323 | std::string convertedFour3 = convertFour3.str(); 324 | if (convertedFour3.length() == 1) { 325 | 326 | convertedFour3.insert(0, "0"); 327 | 328 | } 329 | 330 | 331 | 332 | //std::cout << "FF found with an 01 or 02\n"; 333 | std::cout << varName << " += \"\\x25\\x4a\\x4d\\x4e\\x55\"\n"; 334 | std::cout << varName << " += \"\\x25\\x35\\x32\\x31\\x2a\"\n"; 335 | std::cout << varName << " += \"\\x05\\x" << convertedFour1 << "\\x" << convertedThree1 << "\\x" << convertedTwo1 << "\\x" << convertedOne1 << "\"\n"; 336 | std::cout << varName << " += \"\\x05\\x" << convertedFour2 << "\\x" << convertedThree2 << "\\x" << convertedTwo2 << "\\x" << convertedOne2 << "\"\n"; 337 | std::cout << varName << " += \"\\x05\\x" << convertedFour3 << "\\x" << convertedThree3 << "\\x" << convertedTwo3 << "\\x" << convertedOne3 << "\"\n"; 338 | std::cout << varName << " += \"\\x2d\\x09\\x09\\x09\\x09\"\n"; 339 | std::cout << varName << " += \"\\x50\"\n"; 340 | shellcodeLength = shellcodeLength + 31; 341 | 342 | } 343 | 344 | else { 345 | 346 | 347 | //starting arithmetic on the first byte 348 | int firstHex = std::stoi (firstByte,nullptr,16); 349 | int firstOperator1, firstOperator2, firstOperator3; 350 | firstOperator1 = firstHex/3; 351 | firstOperator2 = firstHex/3; 352 | firstOperator3 = (firstHex - firstOperator1 - firstOperator2); 353 | 354 | //converting the decimal ints back into hex strings 355 | std::stringstream convertOne1; 356 | convertOne1 << std::hex << firstOperator1; 357 | std::string convertedOne1 = convertOne1.str(); 358 | if (convertedOne1.length() == 1) { 359 | 360 | convertedOne1.insert(0, "0"); 361 | 362 | } 363 | std::stringstream convertOne2; 364 | convertOne2 << std::hex << firstOperator2; 365 | std::string convertedOne2 = convertOne2.str(); 366 | if (convertedOne2.length() == 1) { 367 | 368 | convertedOne2.insert(0, "0"); 369 | 370 | } 371 | std::stringstream convertOne3; 372 | convertOne3 << std::hex << firstOperator3; 373 | std::string convertedOne3 = convertOne3.str(); 374 | if (convertedOne3.length() == 1) { 375 | 376 | convertedOne3.insert(0, "0"); 377 | 378 | } 379 | 380 | //starting arithmetic on the second byte 381 | int secondHex = std::stoi (secondByte,nullptr,16); 382 | int secondOperator1, secondOperator2, secondOperator3; 383 | secondOperator1 = secondHex/3; 384 | secondOperator2 = secondHex/3; 385 | secondOperator3 = (secondHex - secondOperator1 - secondOperator2); 386 | 387 | //converting the decimal ints back into hex strings 388 | std::stringstream convertTwo1; 389 | convertTwo1 << std::hex << secondOperator1; 390 | std::string convertedTwo1 = convertTwo1.str(); 391 | if (convertedTwo1.length() == 1) { 392 | 393 | convertedTwo1.insert(0, "0"); 394 | 395 | } 396 | std::stringstream convertTwo2; 397 | convertTwo2 << std::hex << secondOperator2; 398 | std::string convertedTwo2 = convertTwo2.str(); 399 | if (convertedTwo2.length() == 1) { 400 | 401 | convertedTwo2.insert(0, "0"); 402 | 403 | } 404 | std::stringstream convertTwo3; 405 | convertTwo3 << std::hex << secondOperator3; 406 | std::string convertedTwo3 = convertTwo3.str(); 407 | if (convertedTwo3.length() == 1) { 408 | 409 | convertedTwo3.insert(0, "0"); 410 | 411 | } 412 | 413 | //starting arithmetic on the second byte 414 | int thirdHex = std::stoi (thirdByte,nullptr,16); 415 | int thirdOperator1, thirdOperator2, thirdOperator3; 416 | thirdOperator1 = thirdHex/3; 417 | thirdOperator2 = thirdHex/3; 418 | thirdOperator3 = (thirdHex - thirdOperator1 - thirdOperator2); 419 | 420 | //converting the decimal ints back into hex strings 421 | std::stringstream convertThree1; 422 | convertThree1 << std::hex << thirdOperator1; 423 | std::string convertedThree1 = convertThree1.str(); 424 | if (convertedThree1.length() == 1) { 425 | 426 | convertedThree1.insert(0, "0"); 427 | 428 | } 429 | std::stringstream convertThree2; 430 | convertThree2 << std::hex << thirdOperator2; 431 | std::string convertedThree2 = convertThree2.str(); 432 | if (convertedThree2.length() == 1) { 433 | 434 | convertedThree2.insert(0, "0"); 435 | 436 | } 437 | std::stringstream convertThree3; 438 | convertThree3 << std::hex << thirdOperator3; 439 | std::string convertedThree3 = convertThree3.str(); 440 | if (convertedThree3.length() == 1) { 441 | 442 | convertedThree3.insert(0, "0"); 443 | 444 | } 445 | 446 | //starting arithmetic on the second byte 447 | int fourthHex = std::stoi (fourthByte,nullptr,16); 448 | int fourthOperator1, fourthOperator2, fourthOperator3; 449 | fourthOperator1 = fourthHex/3; 450 | fourthOperator2 = fourthHex/3; 451 | fourthOperator3 = (fourthHex - fourthOperator1 - fourthOperator2); 452 | 453 | //converting the decimal ints back into hex strings 454 | std::stringstream convertFour1; 455 | convertFour1 << std::hex << fourthOperator1; 456 | std::string convertedFour1 = convertFour1.str(); 457 | if (convertedFour1.length() == 1) { 458 | 459 | convertedFour1.insert(0, "0"); 460 | 461 | } 462 | std::stringstream convertFour2; 463 | convertFour2 << std::hex << fourthOperator2; 464 | std::string convertedFour2 = convertFour2.str(); 465 | if (convertedFour2.length() == 1) { 466 | 467 | convertedFour2.insert(0, "0"); 468 | 469 | } 470 | std::stringstream convertFour3; 471 | convertFour3 << std::hex << fourthOperator3; 472 | std::string convertedFour3 = convertFour3.str(); 473 | if (convertedFour3.length() == 1) { 474 | 475 | convertedFour3.insert(0, "0"); 476 | 477 | } 478 | 479 | //std::cout << "FF found by itself.\n"; 480 | std::cout << varName << " += \"\\x25\\x4a\\x4d\\x4e\\x55\"\n"; 481 | std::cout << varName << " += \"\\x25\\x35\\x32\\x31\\x2a\"\n"; 482 | std::cout << varName << " += \"\\x05\\x" << convertedFour1 << "\\x" << convertedThree1 << "\\x" << convertedTwo1 << "\\x" << convertedOne1 << "\"\n"; 483 | std::cout << varName << " += \"\\x05\\x" << convertedFour2 << "\\x" << convertedThree2 << "\\x" << convertedTwo2 << "\\x" << convertedOne2 << "\"\n"; 484 | std::cout << varName << " += \"\\x05\\x" << convertedFour3 << "\\x" << convertedThree3 << "\\x" << convertedTwo3 << "\\x" << convertedOne3 << "\"\n"; 485 | std::cout << varName << " += \"\\x50\"\n"; 486 | shellcodeLength = shellcodeLength + 26; 487 | 488 | } 489 | 490 | 491 | 492 | } 493 | 494 | else if (firstByte == "00" or secondByte == "00" or thirdByte == "00" or fourthByte == "00" or firstByte == "01" or secondByte == "01" or thirdByte == "01" or fourthByte == "01") { 495 | 496 | //starting arithmetic on the first byte 497 | int firstHex = std::stoi (firstByte,nullptr,16); 498 | int firstOperator1, firstOperator2, firstOperator3; 499 | firstHex = firstHex + 9; 500 | firstOperator1 = firstHex/3; 501 | firstOperator2 = firstHex/3; 502 | firstOperator3 = (firstHex - firstOperator1 - firstOperator2); 503 | 504 | //converting the decimal ints back into hex strings 505 | std::stringstream convertOne1; 506 | convertOne1 << std::hex << firstOperator1; 507 | std::string convertedOne1 = convertOne1.str(); 508 | if (convertedOne1.length() == 1) { 509 | 510 | convertedOne1.insert(0, "0"); 511 | 512 | } 513 | std::stringstream convertOne2; 514 | convertOne2 << std::hex << firstOperator2; 515 | std::string convertedOne2 = convertOne2.str(); 516 | if (convertedOne2.length() == 1) { 517 | 518 | convertedOne2.insert(0, "0"); 519 | 520 | } 521 | std::stringstream convertOne3; 522 | convertOne3 << std::hex << firstOperator3; 523 | std::string convertedOne3 = convertOne3.str(); 524 | if (convertedOne3.length() == 1) { 525 | 526 | convertedOne3.insert(0, "0"); 527 | 528 | } 529 | 530 | //starting arithmetic on the second byte 531 | int secondHex = std::stoi (secondByte,nullptr,16); 532 | int secondOperator1, secondOperator2, secondOperator3; 533 | secondHex = secondHex + 9; 534 | secondOperator1 = secondHex/3; 535 | secondOperator2 = secondHex/3; 536 | secondOperator3 = (secondHex - secondOperator1 - secondOperator2); 537 | 538 | //converting the decimal ints back into hex strings 539 | std::stringstream convertTwo1; 540 | convertTwo1 << std::hex << secondOperator1; 541 | std::string convertedTwo1 = convertTwo1.str(); 542 | if (convertedTwo1.length() == 1) { 543 | 544 | convertedTwo1.insert(0, "0"); 545 | 546 | } 547 | std::stringstream convertTwo2; 548 | convertTwo2 << std::hex << secondOperator2; 549 | std::string convertedTwo2 = convertTwo2.str(); 550 | if (convertedTwo2.length() == 1) { 551 | 552 | convertedTwo2.insert(0, "0"); 553 | 554 | } 555 | std::stringstream convertTwo3; 556 | convertTwo3 << std::hex << secondOperator3; 557 | std::string convertedTwo3 = convertTwo3.str(); 558 | if (convertedTwo3.length() == 1) { 559 | 560 | convertedTwo3.insert(0, "0"); 561 | 562 | } 563 | 564 | //starting arithmetic on the third byte 565 | int thirdHex = std::stoi (thirdByte,nullptr,16); 566 | int thirdOperator1, thirdOperator2, thirdOperator3; 567 | thirdHex = thirdHex + 9; 568 | thirdOperator1 = thirdHex/3; 569 | thirdOperator2 = thirdHex/3; 570 | thirdOperator3 = (thirdHex - thirdOperator1 - thirdOperator2); 571 | 572 | //converting the decimal ints back into hex strings 573 | std::stringstream convertThree1; 574 | convertThree1 << std::hex << thirdOperator1; 575 | std::string convertedThree1 = convertThree1.str(); 576 | if (convertedThree1.length() == 1) { 577 | 578 | convertedThree1.insert(0, "0"); 579 | 580 | } 581 | std::stringstream convertThree2; 582 | convertThree2 << std::hex << thirdOperator2; 583 | std::string convertedThree2 = convertThree2.str(); 584 | if (convertedThree2.length() == 1) { 585 | 586 | convertedThree2.insert(0, "0"); 587 | 588 | } 589 | std::stringstream convertThree3; 590 | convertThree3 << std::hex << thirdOperator3; 591 | std::string convertedThree3 = convertThree3.str(); 592 | if (convertedThree3.length() == 1) { 593 | 594 | convertedThree3.insert(0, "0"); 595 | 596 | } 597 | 598 | //starting arithmetic on the fourth byte 599 | int fourthHex = std::stoi (fourthByte,nullptr,16); 600 | int fourthOperator1, fourthOperator2, fourthOperator3; 601 | fourthHex = fourthHex + 9; 602 | fourthOperator1 = fourthHex/3; 603 | fourthOperator2 = fourthHex/3; 604 | fourthOperator3 = (fourthHex - fourthOperator1 - fourthOperator2); 605 | 606 | //converting the decimal ints back into hex strings 607 | std::stringstream convertFour1; 608 | convertFour1 << std::hex << fourthOperator1; 609 | std::string convertedFour1 = convertFour1.str(); 610 | if (convertedFour1.length() == 1) { 611 | 612 | convertedFour1.insert(0, "0"); 613 | 614 | } 615 | std::stringstream convertFour2; 616 | convertFour2 << std::hex << fourthOperator2; 617 | std::string convertedFour2 = convertFour2.str(); 618 | if (convertedFour2.length() == 1) { 619 | 620 | convertedFour2.insert(0, "0"); 621 | 622 | } 623 | std::stringstream convertFour3; 624 | convertFour3 << std::hex << fourthOperator3; 625 | std::string convertedFour3 = convertFour3.str(); 626 | if (convertedFour3.length() == 1) { 627 | 628 | convertedFour3.insert(0, "0"); 629 | 630 | } 631 | 632 | //std::cout << "01 was found.\n"; 633 | std::cout << varName << " += \"\\x25\\x4a\\x4d\\x4e\\x55\"\n"; 634 | std::cout << varName << " += \"\\x25\\x35\\x32\\x31\\x2a\"\n"; 635 | std::cout << varName << " += \"\\x05\\x" << convertedFour1 << "\\x" << convertedThree1 << "\\x" << convertedTwo1 << "\\x" << convertedOne1 << "\"\n"; 636 | std::cout << varName << " += \"\\x05\\x" << convertedFour2 << "\\x" << convertedThree2 << "\\x" << convertedTwo2 << "\\x" << convertedOne2 << "\"\n"; 637 | std::cout << varName << " += \"\\x05\\x" << convertedFour3 << "\\x" << convertedThree3 << "\\x" << convertedTwo3 << "\\x" << convertedOne3 << "\"\n"; 638 | std::cout << varName << " += \"\\x2d\\x09\\x09\\x09\\x09\"\n"; 639 | std::cout << varName << " += \"\\x50\"\n"; 640 | shellcodeLength = shellcodeLength + 31; 641 | } 642 | 643 | 644 | else { 645 | 646 | //std::cout << "ff was not found.\n"; 647 | 648 | //starting arithmetic on the first byte 649 | int firstHex = std::stoi (firstByte,nullptr,16); 650 | int firstOperator1, firstOperator2; 651 | firstOperator1 = firstHex/2; 652 | firstOperator2 = (firstHex - firstOperator1); 653 | //converting the decimal ints back into hex strings 654 | std::stringstream convertOne1; 655 | convertOne1 << std::hex << firstOperator1; 656 | std::string convertedOne1 = convertOne1.str(); 657 | if (convertedOne1.length() == 1) { 658 | 659 | convertedOne1.insert(0, "0"); 660 | 661 | } 662 | std::stringstream convertOne2; 663 | convertOne2 << std::hex << firstOperator2; 664 | std::string convertedOne2 = convertOne2.str(); 665 | if (convertedOne2.length() == 1) { 666 | 667 | convertedOne2.insert(0, "0"); 668 | 669 | } 670 | 671 | 672 | //starting arithmetic on the second byte 673 | int secondHex = std::stoi (secondByte,nullptr,16); 674 | int secondOperator1, secondOperator2; 675 | secondOperator1 = secondHex/2; 676 | secondOperator2 = (secondHex - secondOperator1); 677 | //converting the decimal ints back into hex strings 678 | std::stringstream convertTwo1; 679 | convertTwo1 << std::hex << secondOperator1; 680 | std::string convertedTwo1 = convertTwo1.str(); 681 | if (convertedTwo1.length() == 1) { 682 | 683 | convertedTwo1.insert(0, "0"); 684 | 685 | } 686 | std::stringstream convertTwo2; 687 | convertTwo2 << std::hex << secondOperator2; 688 | std::string convertedTwo2 = convertTwo2.str(); 689 | if (convertedTwo2.length() == 1) { 690 | 691 | convertedTwo2.insert(0, "0"); 692 | 693 | } 694 | 695 | 696 | //starting arithmetic on the third byte 697 | int thirdHex = std::stoi (thirdByte,nullptr,16); 698 | int thirdOperator1, thirdOperator2; 699 | thirdOperator1 = thirdHex/2; 700 | thirdOperator2 = (thirdHex - thirdOperator1); 701 | //converting the decimal ints back into hex strings 702 | std::stringstream convertThree1; 703 | convertThree1 << std::hex << thirdOperator1; 704 | std::string convertedThree1 = convertThree1.str(); 705 | if (convertedThree1.length() == 1) { 706 | 707 | convertedThree1.insert(0, "0"); 708 | 709 | } 710 | std::stringstream convertThree2; 711 | convertThree2 << std::hex << thirdOperator2; 712 | std::string convertedThree2 = convertThree2.str(); 713 | if (convertedThree2.length() == 1) { 714 | 715 | convertedThree2.insert(0, "0"); 716 | 717 | } 718 | 719 | //starting arithmetic on the fourth byte 720 | int fourthHex = std::stoi (fourthByte,nullptr,16); 721 | int fourthOperator1, fourthOperator2; 722 | fourthOperator1 = fourthHex/2; 723 | fourthOperator2 = (fourthHex - fourthOperator1); 724 | //converting the decimal ints back into hex strings 725 | std::stringstream convertFour1; 726 | convertFour1 << std::hex << fourthOperator1; 727 | std::string convertedFour1 = convertFour1.str(); 728 | if (convertedFour1.length() == 1) { 729 | 730 | convertedFour1.insert(0, "0"); 731 | 732 | } 733 | std::stringstream convertFour2; 734 | convertFour2 << std::hex << fourthOperator2; 735 | std::string convertedFour2 = convertFour2.str(); 736 | if (convertedFour2.length() == 1) { 737 | 738 | convertedFour2.insert(0, "0"); 739 | 740 | } 741 | 742 | std::cout << varName << " += \"\\x25\\x4a\\x4d\\x4e\\x55\"\n"; 743 | std::cout << varName << " += \"\\x25\\x35\\x32\\x31\\x2a\"\n"; 744 | std::cout << varName << " += \"\\x05\\x" << convertedFour1 << "\\x" << convertedThree1 << "\\x" << convertedTwo1 << "\\x" << convertedOne1 << "\"\n"; 745 | std::cout << varName << " += \"\\x05\\x" << convertedFour2 << "\\x" << convertedThree2 << "\\x" << convertedTwo2 << "\\x" << convertedOne2 << "\"\n"; 746 | std::cout << varName << " += \"\\x50\"\n"; 747 | shellcodeLength = shellcodeLength + 21; 748 | 749 | 750 | 751 | } 752 | 753 | 754 | 755 | } 756 | 757 | 758 | std::cout << "\n"; 759 | std::cout << "Shellcode length: " << shellcodeLength << " bytes" << std::endl; 760 | 761 | } 762 | 763 | 764 | -------------------------------------------------------------------------------- /myth.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/h0mbre/Myth/433810bd6c07870d2a77fecd558e63d6d5b7c49d/myth.gif --------------------------------------------------------------------------------