Kuymak

A tasty cross-platform tool from Blacksea to inspect/debug/run shellcode.

Linguistic info: Kuymak is a regional meal of Turkey's Black Sea Region.

    __________________________________________________________________
   |         ...-...  .'\\   _   __                            _      |
   |      ./sh0mmm0hs+\  o  | | / /                           | |     |
   |    ./hmPS1SSSSSSm0y/:  | |/ / _   _ _   _ _ __ ___   __ _| | __  |
   |    +mq00000000000pm+   |    \| | | | | | | '_ ` _ \ / _` | |/ /  |
   |   .mq0001010011000pm.  | |\  \ |_| | |_| | | | | | | (_| |   <   |
 +=|   .mq0001000011000pm.  \_| \_/\__,_|\__, |_| |_| |_|\__,_|_|\_\  |=+
 | |    +mq00101010000pm+                 __/ |                       | |
 | |   //yomooooooooom0+.                |___/ github.com/blue-devil/ | |
 | |   \  y+sh0mmm0hs/.                                               | |
 | |    `-'  '''-''' To kuymak or not to kuymak, that's the question! | |
 | |__________________________________________________________________| |
 |         ____________________________________________________         |
 |      -+| @author   : Blue DeviL <[email protected]>   |+-      |
 |     |  | @version  : 0.4.0                                  |  |     |
 +<===>+--| @date     : 06/05/2023                             |--+<===>+
       |  | @license  : GPLv3                                  |  |
        -+| @info     : Cross-platform shellcode runner        |+-
          |____________________________________________________|

KUYMAK v0.4.0

[*] USAGE:
        kuymak -b shellcode.bin
        kuymak -c "\x0f\x01\xf8\xe8\x05\x00\x00\x00\x0f\x01\xf8\x48\xcf"

[*] Options:
        -b      shellcode as a binary
        -c      shellcode as char array (not implemented yet)
        -h      prints this help

Usage

Save your shellcode as a binary file. You can use HxD, xxd or use your favourite editor. Then give this shellcode binary with parameter -b.

kuymak -b shellcode.bin

You can run your shellcode with "\x" specifier directly from command line:

kuymak -c "\x48\x83\xEC\x28\x48 <snipped> \x00\x48\x8D"

Requirements

You only need GCC to build Kuymak.

• Linux
  • Arch Linux/Manjaro: sudo pacman -S base-devel
  • Pisi GNU/Linux: sudo pisi it gcc
  • Fedora: sudo dnf install gcc-c++ make
  • Debian/Kali/Ubuntu: sudo apt install build-essential
• macOS
  • Open terminal and run this command: xcode-select --install
• Windows
  1. Install Mingw-w64 via MSYS2. Download the installer and install it.
  2. Alternatively you can use winget: winget install -e --id msys2.msys2
  3. After installation fire up MSYS2 shell and run: pacman -S --needed base-devel mingw-w64-x86_64-toolchain

Building

If you have GCC on your system building is very straightforward:

LINUX:

gcc -Wall kuymak.c -o kuymak

WINDOWS:

Windows x86_64:

x86_64-w64-mingw32-gcc -Wall kuymak.c -o kuymak

Windows x86_32:

i686-w64-mingw32-gcc -Wall kuymak.c -o kuymak

APPLE:

gcc -Wall kuymak.c -o kuymak

TODO

• [x] Make a version for macOS(use __APPLE__ preprocessor expression)
• [x] Create a shellcode runner
• [x] Ask user if he/she wants to run shellcode or not
• [ ] Get rid of unistd+getopt dependency
• [ ] Can we compile it with cl? Look for a workaround
• [x] Add changelog
• [x] Add, macOS "Hello, world!" shellcode
• [x] Publish releases
• [ ] Shellcode in a new thread; do we need that?
• [x] Add, linux "Hello, world!" shellcode
• [x] Publish prebuilt ARM binaries
• [x] Parse and execute shellcode from console
• [ ] Check if null bytes exist? And print info to user
• [ ] Can i add an option of printing objdump output of given shellcode
• [ ] Can i add an option of printing dumpbin output of given shellcode
• [ ] Add sample shell code of execve
• [ ] Add null-free sample shellcodes

Further Reading & Resources

Checkout other shellcode runner/debugger, pe2shellcode projects:

• BlobRunner
• Crab-Runner
• ShellcodeCompiler
• pe_to_shellcode
• PE2Shellcode
• Shellcode Tester

LICENSE

This project is licensed under GPLv3.