PyShell2Bin is a Python script to work with shellcode on Windows

Tool description

If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes embedded in exploits written in C, Perl, Python… It usually looks like:

payload = (b"\xbf\xab\xd0\x9a\x5b\xda\xc7\xd9\x74\x24\xf4\x5a\x2b\xc9" + "\xb1\x45\x83\xc2\x04\x31\x7a\x11\x03\x7a\x11\xe2\x5e\x2c" + "\x72\xd2\xa0\xcd\x83\x85\x29\x28\xb2\x97\x4d\x38\xe7\x27" + ...

But sometimes you need a binary file representation of this shellcode, so you can inject it into some file, debug it, or for whatever other reason. There are all kinds of scripts out there to deal with shellcode and accomplish different tasks: binary to shellcode, shellcode to binary (bash only)… But I was not able to find a simple script to get it under Windows. Even finding the “xxd” command (which makes a hexdump) ported to Windows is possible but not easy (it seems to come bundled with Vim for Windows, and it used to be available with unixtools…).

Anyhow, here is a simple script in Python that works on Windows and does the job. It tolerates dirty shellcode (spaces, line breaks, concatenation operators…) and keeps only the hex characters. Then it writes them with “wb”, so you get a binary file. Quick and dirty.

Functionalities

Here is the tiny code. Just copy it and save it as a .py file. Tested with the 2.7 branch.

from __future__ import print_function  # keeps the script working on 2.7 and 3.x

import binascii
import re
import sys


def shell2bin(args):
    # args is sys.argv: script name, shellcode text file, output binary file
    if len(args) < 3:
        print("Usage: %s shellcodefile binfile" % args[0])
        return
    try:
        with open(args[1], "r") as fileshell:
            flux = fileshell.read()
        # Keep only hex digits: quotes, \x prefixes, spaces, '+' and newlines are dropped
        # (the original class "[^0-9,^a-f,^A-F]" also let ',' and '^' through)
        flux = re.sub("[^0-9a-fA-F]", "", flux)
        if len(flux) % 2:
            print("Odd number of hex digits (%d): check the input file" % len(flux))
            return
        with open(args[2], "wb") as filebin:
            filebin.write(binascii.unhexlify(flux))
        print("Done!")
    except IOError as e:
        print("I/O error({0}): {1}".format(e.errno, e.strerror))
    except Exception as e:
        print("Unexpected error:", e)


if __name__ == '__main__':
    shell2bin(sys.argv)
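As an added example (not the page's script), a stricter variant of the same conversion: it takes only the \xNN escapes, so hex letters in a variable name such as "payload" or in the b"" prefix cannot leak into the output, and it also does the reverse (binary to shellcode text). The function names, the constructed sample and write_bin are assumptions here.

```python
import binascii
import re

# Matches one escaped byte such as \xbf inside a C/Perl/Python string literal.
ESCAPED_BYTE = re.compile(r"\\x([0-9a-fA-F]{2})")


def shellcode_text_to_bytes(text):
    """Extract the bytes of a shellcode literal from dirty source text.

    Only \\xNN escapes are taken, so the variable name, the b"" prefix,
    quotes, '+' concatenation and line breaks around them are ignored.
    A hex-only sweep would also pick up the 'a', 'd' in "payload" and
    the 'b' prefix and shift every byte; this avoids that.
    """
    return binascii.unhexlify("".join(ESCAPED_BYTE.findall(text)))


def bytes_to_shellcode_text(blob, name="buf", width=14):
    """Reverse direction: render bytes as a Python literal with `width`
    escapes per line, ready to paste into a test harness."""
    lines = []
    for i in range(0, len(blob), width):
        chunk = bytearray(blob[i:i + width])
        lines.append('"' + "".join("\\x%02x" % b for b in chunk) + '"')
    return "%s = (b%s)" % (name, "\n    + b".join(lines))


# Constructed sample in the style of the page's payload fragment (not real code).
SAMPLE = '''payload = (b"\\xbf\\xab\\xd0\\x9a\\x5b\\xda\\xc7\\xd9"
    + b"\\x74\\x24\\xf4\\x5a\\x2b\\xc9"
    + b"\\xb1\\x45\\x83\\xc2")'''


def write_bin(path, text):
    """Same job as the page's script: shellcode text in, raw binary file out."""
    blob = shellcode_text_to_bytes(text)
    with open(path, "wb") as f:
        f.write(blob)
    return len(blob)


if __name__ == "__main__":
    data = shellcode_text_to_bytes(SAMPLE)
    print(binascii.hexlify(data).decode())  # 18 bytes from the constructed sample
    print(bytes_to_shellcode_text(data))
```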