Shellcode Factory tool

A tool to print and test shellcodes from assembly code.

It supports both Gas and Intel syntax (.s and .asm extensions respectively), as well as x86 and x64 architectures.

Usage:

make targets [parameters]

targets:

• build / assembly - will compile the assembly code from shellcode.s

• debug - debugs the assembly binary

• print / xxd / p - will print the shellcode in hex

• x / auto / a - will run the shellcode using a smashed stack

• sc_debug - will debug the shellcode called from a smashed stack

• set - will let you edit the source assembly code

• neg - will negate the shellcode, and prepend to it a 12-bytes-long decoder. It assumes the shellcode is reached right after a ret instruction

• xor_byte - will xor the shellcode with a random byte, and prepend to it an appropriate decoder (the decoder is 21-26 bytes long). It will try to avoid the bytes from the NO parameter.

• xor - will xor the shellcode with a random rotating word, and prepend to it an appropriate decoder (the decoder is 27-34 bytes long). It will try to avoid the bytes from the NO parameter.

• alphanumeric - will transform the shellcode into one using alphanumeric chars only (it needs to be reached right after a ret instruction for it to work)

• clean / c - removes generated files

parameters:

• ARCH=XX (default=32) XX-bit binaries (32 / 64)

• S=filename (default=shellcode.s) Source assembly filename.

• SC="\x31\xc0..." (ignored by default) Raw Input shellcode (overrides S parameter).

• NO="[0x...]" (default="[0x00, 0x20, 0x9, 0xa]") List of chars to avoid when xor-ing

• PAUSE=NO Disables the pause-before-execution security

• LANG=C Changes the formatting of the print command to use a C-style array of bytes

• SYNTAX=INTEL Changes the syntax used to display assembly source code

Examples:

• make print S=foo.asm SYNTAX=INTEL will print the shellcode from foo.asm with INTEL syntax

• make S=foo.s set c p x ARCH=64 will let you edit foo.s and will then hexdump it and attempt to run it (x64)

• make c print SC="\x31\xc0\x40\xcd\x80" will parse input shellcode into assembly instructions

• make c p sc_debug SC="\x31\xc0\x40\xcd\x80" will clean (recommended) then print and debug input shellcode

• make p S=foo.asm | grep -e x00 -e x20 is a useful trick to check for forbidden bytes (bytes 0x00 and 0x20 for instance)

• make p xor S=foo.asm NO="[0x00, 0x20]" xors the shellcode to avoid forbidden bytes

• make p alphanumeric S=foo.s generates an alphanumeric version of the shellcode

Requires:

1. gcc (as frontend) and nasm for GAS and INTEL syntax respectively (extensions .s and .asm)

2. gdb (I also recommend enhancing it with peda: https://github.com/longld/peda)

3. python (tested with 2.7.12)

4. cut

5. objdump (optional: you can set OBJDUMP to DISABLED in the Makefile)

6. ndisasm (optional: only needed when SYNTAX=INTEL)

7. nano (optional: set and put targets only, and you can replace the EDITOR=... line in the Makefile by your own editor)

8. pandoc & lynx (optional) : print a nicer help/usage message

9. GNU make of course