A tool to print and test shellcodes from assembly code.
It supports both Gas and Intel syntax (.s and .asm extensions respectively), as well as x86 and x64 architectures.
make targets [parameters]
-
build
/assembly
- will compile the assembly code from shellcode.s -
debug
- debugs the assembly binary -
print
/xxd
/p
- will print the shellcode in hex -
x
/auto
/a
- will run the shellcode using a smashed stack -
sc_debug
- will debug the shellcode called from a smashed stack -
set
- will let you edit the source assembly code -
neg
- will negate the shellcode, and prepend to it a 12-bytes-long decoder. It assumes the shellcode is reached right after a ret instruction -
xor_byte
- will xor the shellcode with a random byte, and prepend to it an appropriate decoder (the decoder is 21-26 bytes long). It will try to avoid the bytes from the NO parameter. -
xor
- will xor the shellcode with a random rotating word, and prepend to it an appropriate decoder (the decoder is 27-34 bytes long). It will try to avoid the bytes from the NO parameter. -
alphanumeric
- will transform the shellcode into one using alphanumeric chars only (it needs to be reached right after a ret instruction for it to work) -
clean
/c
- removes generated files
-
ARCH=XX
(default=32) XX-bit binaries (32 / 64) -
S=filename
(default=shellcode.s) Source assembly filename. -
SC="\x31\xc0..."
(ignored by default) Raw Input shellcode (overridesS
parameter). -
NO="[0x...]"
(default="[0x00, 0x20, 0x9, 0xa]") List of chars to avoid when xor-ing -
PAUSE=NO
Disables the pause-before-execution security -
LANG=C
Changes the formatting of theprint
command to use a C-style array of bytes -
SYNTAX=INTEL
Changes the syntax used to display assembly source code
-
make print S=foo.asm SYNTAX=INTEL
will print the shellcode from foo.asm with INTEL syntax -
make S=foo.s set c p x ARCH=64
will let you edit foo.s and will then hexdump it and attempt to run it (x64) -
make c print SC="\x31\xc0\x40\xcd\x80"
will parse input shellcode into assembly instructions -
make c p sc_debug SC="\x31\xc0\x40\xcd\x80"
will clean (recommended) then print and debug input shellcode -
make p S=foo.asm | grep -e x00 -e x20
is a useful trick to check for forbidden bytes (bytes 0x00 and 0x20 for instance) -
make p xor S=foo.asm NO="[0x00, 0x20]"
xors the shellcode to avoid forbidden bytes -
make p alphanumeric S=foo.s
generates an alphanumeric version of the shellcode
-
gcc
(as
frontend) andnasm
for GAS and INTEL syntax respectively (extensions .s and .asm) -
gdb
(I also recommend enhancing it withpeda
: https://github.com/longld/peda) -
python
(tested with 2.7.12) -
cut
-
objdump
(optional: you can setOBJDUMP
toDISABLED
in the Makefile) -
ndisasm
(optional: only needed when SYNTAX=INTEL) -
nano
(optional:set
andput
targets only, and you can replace theEDITOR=...
line in the Makefile by your own editor) -
pandoc
&lynx
(optional) : print a nicer help/usage message -
GNU
make
of course