whpexp
A collection of (not necessarily useful) Windows Hypervisor Platform experiments in Rust.
Experiments
payloadfuzz
The payloadfuzz project experiments with generating payloads in different ways and then executing them within a bare bones protected mode virtual machine.
Supported generators
The reverse nop generator attempts to generate an x64 nop sled in a manner similar to Opty2 in the Metasploit framework. To ensure that the nop sled can be executed from each offset, the nop sled is generated in reverse starting with the last byte and ending with the first byte. Rather than attempting to do this in a smart way, the reverse nop generator simply attempts to brute force the set of valid bytes that can precede other bytes. This is woefully inefficient, but it's a useful example.
Setup
To run payloadfuzz, you need Rust nightly installed and need to install and start a local redis server. The redis server is used to store the collection of valid and invalid payloads for a given payloadfuzz session.
rustup default nightly
wsl sudo apt-get install redis-server
wsl redis-server
Building
Use the following steps to clone and build payloadfuzz.
git clone https://github.com/epakskape/whpexp
git submodule init
git submodule update
cd payloadfuzz
cargo build
Running
To run payloadfuzz, simply specify the generator you wish to use (via -g <generator>
) and the number of VMs to run in parallel (via -v <vm count>
).
Credits
- The authors of the libwhp crate which provided the basis for building this and from which I used code (e.g. from their demo example).