Here is a short article describing a new tool I have written. It is an unpretentious Perl script that automates the creation, testing and disassembly of shellcodes.

You can find it here: sc-make

NAME

sc-make - Shellcode Maker - Tool for automating shellcode creation

SYNOPSIS

sc-make [OPTIONS] file

OPTIONS

  • -t -test

    Test shellcode with strace.

  • -d -disassemble

    Disassemble the shellcode.

  • -o -out FORMAT

    Change the output format.

    Available formats: c, perl, bash, asm, python (default: perl).

  • -a -arch ARCH

    Specify the architecture (default: x86). Available architectures: x86, arm.

  • -b -bad STRING

    Specify the bad characters that must not appear in the shellcode. Example: -bad "\x00\x0a"

  • -h -help

    Print short help.

  • -i -info

    Print long help.

  • -v -version

    Print program version.

DESCRIPTION

This program is a simple tool for assembling, disassembling, and testing shellcodes.

Shellcodes must be written in assembly using NASM syntax.

VERSION

V1.0

AUTHOR

Written by Tosh

(duretsimon73 -at- gmail -dot- com)

LICENCE

This program is free software. It is distributed under the terms of the GPLv3 licence.

DEPENDS

These programs are needed to run sc-make correctly:

  • objdump
  • nasm
  • as
  • strace
  • gcc
  • perl

EXAMPLES

  • sc-make -o perl shellcode.asm # Print shellcode in Perl format

    # SHELLCODE LENGTH: 25

    my $shellcode = "\x31\xc0\x50\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f" .
                    "\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd" .
                    "\x80";

  • sc-make -o python shellcode.asm # Print shellcode in Python format

    # SHELLCODE LENGTH: 25

    shellcode = ("\x31\xc0\x50\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f"
                 "\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd"
                 "\x80");

  • sc-make -o asm shellcode.asm # Print shellcode in ASM format

    ;; SHELLCODE LENGTH: 25

    shellcode: db 0x31,0xc0,0x50,0x6a,0x68,0x68,0x2f,0x62,0x61,0x73,0x68,0x2f
               db 0x62,0x69,0x6e,0x89,0xe3,0x89,0xc1,0x89,0xc2,0xb0,0x0b,0xcd
               db 0x80

  • sc-make -t shellcode.asm # Test shellcode with strace

  • sc-make -d shellcode.asm # Disassemble shellcode with objdump

  • sc-make -b "\x00\x0a" # Print the shellcode only if it contains no NUL or 0x0a byte
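
As an added example (not part of sc-make and not the author's code), the following Python reads the Perl and ASM outputs shown above back into bytes, compares the decoded size with the SHELLCODE LENGTH header, and reports the offset of every byte listed in a -bad style string. The function names are hypothetical, and treating the -bad argument as a strict sequence of \xHH escapes is an assumption.

```python
import re

# Constructed samples: the Perl and ASM outputs shown in EXAMPLES above.
SAMPLE_PERL = r'''# SHELLCODE LENGTH: 25
my $shellcode = "\x31\xc0\x50\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f" .
                "\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd" .
                "\x80";'''
SAMPLE_ASM = ''';; SHELLCODE LENGTH: 25
shellcode: db 0x31,0xc0,0x50,0x6a,0x68,0x68,0x2f,0x62,0x61,0x73,0x68,0x2f
           db 0x62,0x69,0x6e,0x89,0xe3,0x89,0xc1,0x89,0xc2,0xb0,0x0b,0xcd
           db 0x80'''

def parse_escapes(text):
    """Decode every \\xHH escape found in text (perl and python outputs)."""
    return bytes(int(h, 16) for h in re.findall(r'\\x([0-9a-fA-F]{2})', text))

def parse_db(text):
    """Decode the 0xHH operands of NASM db lines (asm output)."""
    return bytes(int(h, 16) for h in re.findall(r'\b0x([0-9a-fA-F]{2})\b', text))

def parse_bad(spec):
    """Parse a -bad style argument; reject anything that is not pure \\xHH."""
    if not re.fullmatch(r'(\\x[0-9a-fA-F]{2})+', spec):
        raise ValueError('bad-char spec must be a sequence of \\xHH escapes')
    return set(parse_escapes(spec))

def audit(text, bad_spec, fmt='perl'):
    """Return decoded length, declared length and (offset, byte) hits."""
    code = parse_db(text) if fmt == 'asm' else parse_escapes(text)
    m = re.search(r'SHELLCODE LENGTH:\s*(\d+)', text)
    bad = parse_bad(bad_spec)
    return {
        'length': len(code),
        'declared': int(m.group(1)) if m else None,
        'hits': [(i, b) for i, b in enumerate(code) if b in bad],
    }

if __name__ == '__main__':
    print(audit(SAMPLE_PERL, r'\x00\x0a'))
    print(audit(SAMPLE_ASM, r'\x0b', fmt='asm'))
```

A mismatch between `length` and `declared` means the text was truncated or altered after it was generated.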

That's it. If you have feedback, bugs to report or simply suggestions, feel free to post your comments.

Happy Hacking, -TOSH-