Quick and dirty shellcode to binary python script

ElevenPaths, 12 September 2013

If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits written in C, Perl, Python… It usually looks like this:

    payload = (b"\xbf\xab\xd0\x9a\x5b\xda\xc7\xd9\x74\x24\xf4\x5a\x2b\xc9" +
    "\xb1\x45\x83\xc2\x04\x31\x7a\x11\x03\x7a\x11\xe2\x5e\x2c" +
    "\x72\xd2\xa0\xcd\x83\x85\x29\x28\xb2\x97\x4d\x38\xe7\x27" + ...
But sometimes you need a binary file representation of this shellcode, so you can inject it into some file, debug it, or for whatever other reason. There are all kinds of scripts out there that deal with shellcode and accomplish different tasks: binary to shellcode, shellcode to binary (bash only)… But I was not able to find a simple script that does it under Windows. Even getting hold of the “xxd” command (which makes a hexdump) ported to Windows is possible but not easy (it seems to come bundled with Vim for Windows, and it used to be available with unixtools…).

Anyhow, here is a simple Python script that works on Windows and will do the job. It tolerates dirty shellcode (spaces, line breaks, concatenation operators…) by keeping only the hex characters, then writes them out with “wb” so you get a binary file. Quick and dirty.

Here’s the tiny code. Just copy it and save it as a .py file. Tested with the 2.7 branch.

    import binascii
    import re
    import sys

    def shell2bin(args):
        # args is sys.argv: script name, shellcode text file, output binary file
        if len(args) < 3:
            print "Usage: %s shellcodefile binfile" % args[0]
            return
        try:
            with open(args[1], "r") as fileshell:
                flux = fileshell.read()
                # Keep only hex digits: this drops the "\x" escapes, quotes,
                # spaces, "+" operators and line breaks. (The original class
                # "[^0-9,^a-f,^A-F]" also let commas and carets through, which
                # made unhexlify choke on comma-separated listings.)
                flux = re.sub("[^0-9a-fA-F]", "", flux)
            with open(args[2], "wb") as filebin:
                # unhexlify raises on an odd number of digits; caught below
                filebin.write(binascii.unhexlify(flux))
                print "Done!"
        except IOError as e:
            print "I/O error({0}): {1}".format(e.errno, e.strerror)
        except:
            print "Unexpected error:", sys.exc_info()[0]

    if __name__ == '__main__':
        shell2bin(sys.argv)
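
Because the script above keeps every hex digit it sees, a b"..." prefix or a variable name such as payload (which contains a, a, d) is folded into the output. The variant below is an added example, not the post's script: it extracts \xHH escapes first, then C-style 0xHH bytes, and only falls back to bare hex digits (rejecting an odd digit count); the names shellcode_to_bytes and hexdump are assumptions, and the hexdump stands in for the xxd check that is hard to get on Windows.

```python
import re
import sys

# Token forms this parser understands, tried in order: "\x41" escapes
# (C/Perl/Python string literals) and "0x41" bytes (C unsigned char arrays).
ESCAPED = re.compile(r"\\x([0-9a-fA-F]{2})")
PREFIXED = re.compile(r"\b0x([0-9a-fA-F]{2})\b")


def shellcode_to_bytes(text):
    """Return the bytes encoded by a shellcode listing pasted from source code."""
    pairs = ESCAPED.findall(text)
    if not pairs:
        pairs = PREFIXED.findall(text)
    if not pairs:
        # Bare hex ("31 c0 50"): strip everything that is not a hex digit,
        # which is the original script's approach. An odd digit count means
        # the input is not a byte string at all, so refuse rather than guess.
        digits = re.sub(r"[^0-9a-fA-F]", "", text)
        if len(digits) % 2:
            raise ValueError("odd number of hex digits: not a byte string")
        pairs = [digits[i:i + 2] for i in range(0, len(digits), 2)]
    return bytes(bytearray(int(p, 16) for p in pairs))


def hexdump(data, width=16):
    """xxd-style dump so the written file can be eyeballed without xxd."""
    lines = []
    for off in range(0, len(data), width):
        chunk = bytearray(data[off:off + width])
        hexpart = " ".join("%02x" % b for b in chunk)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%08x: %-*s  %s" % (off, width * 3 - 1, hexpart, ascii_part))
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python shell2bin2.py shellcodefile binfile
    with open(sys.argv[1], "r") as f:
        blob = shellcode_to_bytes(f.read())
    with open(sys.argv[2], "wb") as out:
        out.write(blob)
    print(hexdump(blob))
```

The code runs on both the 2.7 branch and Python 3 (bytes(bytearray(...)) is the same object in either).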

Sergio de los Santos 
ssantos@11paths.com 
