
Reverse Shell Lockheed Martin Khalil Research

This document discusses the development of a reverse shell tool for Lockheed Martin that encrypts communication between a controller and remote shell using AES-256-GCM. The tool allows the controller to execute commands, transfer files, and retrieve system information from the remote Windows shell. The communication will be encrypted using AES-256-GCM and the shell will only use native Windows API functions. Research is needed on implementing AES-256-GCM encryption in C.


Reverse Shell:

Lockheed Martin
DONE BY: KHALIL B JEBSI
Background Information
● The RFP:

-Lockheed Martin (LM) Space, the Sponsor, provides large scale and
complex systems to the US Government. It delivers various files and
executables to remote systems for their customers.

● Tools Used:
- AES, the Advanced Encryption Standard, which was announced by the
National Institute of Standards and Technology (NIST) in November 2001.
Project Overview
- Lockheed Martin (LM) Space, the Sponsor, provides large scale and
complex systems to the US Government. It delivers various files and
executables to remote systems for their customers.

- This project facilitates the continued exploration and development of
methods to survey and get information from remote systems.

- The Sponsor desires a reverse shell tool to perform actions on a remote
system.
Project Overview
- Modern Linux distribution to run the controller.
- Windows 10 distribution for the shell to run on.
- TCP connection for the shell
- All communication between the controller and the shell must be
encrypted (AES256)
- Ability to task the shell with commands.
- Get, put, delete File
- Get, add, delete registry keys
- Get network IP information, netstat results, ARP tables, routing tables
- Shell must use Windows API functions (no extra libraries for the
executable to run)
Project Overview
Results:
Shell Connecting and sending Data:
Wireshark Capture
RESEARCH AREA FOR THE PROJECT

- RFP encryption requirement:

* Encrypted communication inside the network packet using AES-256-GCM
encryption.
Current Status of Technology
- Electronic data is frequently encrypted using the Advanced Encryption Standard
(AES), a block cipher that is quick, secure, and widely used. AES includes three
different block ciphers, each of which is named after the key length it uses for
encryption and decryption: AES-128 (128 bit), AES-192 (192 bit), and AES-256 (256
bit). Each of these ciphers uses a cryptographic key of a different length to encrypt
and decrypt data in 128-bit blocks.
AES 256 GCM in C language
Fourteen equally structured rounds of encryption, in which the first round key is XORed to
the plaintext (the AddRoundKey operation). These procedures are performed in each round:
SubBytes, ShiftRows, MixColumns, then AddRoundKey.
SubBytes Operation

In the first step of the encryption, which is substituting bytes, the key and the input data
(also known as the state) are both organized in a 4x4 byte matrix. The input data and the
256-bit key are divided among the byte matrices.
ShiftRows Operation
The second step is the row-shifting operation. As its name suggests, it works on individual
rows. Each row undergoes a simple rotation, with a different rotation width per row: the top
row of the 4x4 byte input data (the state) remains unchanged, the second row is shifted one
byte position to the left, the third row is shifted two bytes to the left, and the fourth
row is shifted three bytes to the left.
MixColumns Operation

This operation handles columns in the 4x4 state matrix, as opposed to the ShiftRows operation,
which manipulates rows. It operates on each column individually. Each byte of a column is
mapped into a new value that is a function of all four bytes in that column.
AddRoundKey Operation
The fourth operation is AddRoundKey, which
proceeds one column at a time. This operation adds (XORs) a
round key word to each column of the state matrix.
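The four operations described above, composed into one AES round, as an added example (not code from the original slides or the project). It checks itself against the round 1 values of the worked cipher example in FIPS-197 Appendix B; the round function is the same for every key size. The function names are this example's own, the S-box is computed rather than tabulated, and the final round, which in FIPS-197 omits MixColumns, is not shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* State: 16 bytes, column-major (s[4*c + r]), as in FIPS-197. */
static uint8_t gmul(uint8_t a, uint8_t b) {      /* multiply in GF(2^8) */
    uint8_t p = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)))
        if (b & 1) p ^= a;
    return p;
}
static uint8_t sbox(uint8_t x) {                 /* SubBytes: inverse (x^254), then affine map */
    uint8_t inv = 1, s;
    for (int i = 0; i < 254; i++) inv = gmul(inv, x);
    s = inv;
    for (int n = 1; n <= 4; n++) s ^= (uint8_t)((inv << n) | (inv >> (8 - n)));
    return (uint8_t)(s ^ 0x63);
}
static void shift_rows(uint8_t s[16]) {          /* row r rotates left by r bytes */
    uint8_t t[16];
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++) t[4 * c + r] = s[4 * ((c + r) % 4) + r];
    memcpy(s, t, 16);
}
static void mix_columns(uint8_t s[16]) {         /* each column times the fixed 02/03/01/01 matrix */
    for (int c = 0; c < 4; c++) {
        uint8_t *a = s + 4 * c, b[4];
        for (int r = 0; r < 4; r++)
            b[r] = (uint8_t)(gmul(a[r], 2) ^ gmul(a[(r + 1) % 4], 3) ^ a[(r + 2) % 4] ^ a[(r + 3) % 4]);
        memcpy(a, b, 4);
    }
}
static void aes_round(uint8_t s[16], const uint8_t rk[16]) {
    for (int i = 0; i < 16; i++) s[i] = sbox(s[i]);   /* SubBytes */
    shift_rows(s);
    mix_columns(s);
    for (int i = 0; i < 16; i++) s[i] ^= rk[i];       /* AddRoundKey */
}
/* FIPS-197 Appendix B, round 1: state at start of round, round key 1, expected result. */
static const uint8_t R1_IN[16]  = {0x19,0x3d,0xe3,0xbe,0xa0,0xf4,0xe2,0x2b,0x9a,0xc6,0x8d,0x2a,0xe9,0xf8,0x48,0x08};
static const uint8_t R1_KEY[16] = {0xa0,0xfa,0xfe,0x17,0x88,0x54,0x2c,0xb1,0x23,0xa3,0x39,0x39,0x2a,0x6c,0x76,0x05};
static const uint8_t R1_OUT[16] = {0xa4,0x9c,0x7f,0xf2,0x68,0x9f,0x35,0x2b,0x6b,0x5b,0xea,0x43,0x02,0x6a,0x50,0x49};
static int fips197_round1_ok(void) {
    uint8_t s[16];
    memcpy(s, R1_IN, 16);
    aes_round(s, R1_KEY);
    return memcmp(s, R1_OUT, 16) == 0;
}
int main(void) { puts(fips197_round1_ok() ? "round 1 matches FIPS-197" : "MISMATCH"); return 0; }
```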
Design Alternatives
Encryption plan

First, we are going to generate a new salt. After that, we are going to use the scrypt
library to convert the salt and password into a key we can use.
Next, we are going to open a new file and write out the salt, and then create a new AES
cipher using the key.
Finally, we are going to write the encrypted data to the file.
Decryption plan

First, we are going to read the salt out of the encrypted source file. Then, we are going
to convert the salt and password into a key again. After that, we are going to read the
nonce generated for AES-GCM out of the encrypted file. Finally, we are going to read the
encrypted file bit by bit, decrypt it, and write each part to the output file.
Conclusion

● The encrypted TCP connection made between the Controller and the Shell with AES
256 GCM can be confirmed by compiling both programs and seeing if they understand
each other, or by looking inside the network packets with Wireshark.