rcx / Shellcode_encoder
Licence: mit
x64 printable shellcode encoder
Stars: ✭ 109
Programming Languages
Labels
Projects that are alternatives of or similar to Shellcode encoder
Dennix
Dennix is a unix-like hobbyist operating system written from scratch.
Stars: ✭ 53 (-51.38%)
Mutual labels: x86-64
Nextcloudpi
📦 Build code for NextcloudPi: Raspberry Pi, Odroid, Rock64, Docker, curl installer...
Stars: ✭ 1,340 (+1129.36%)
Mutual labels: x86-64
Evoasm.rb
An AIMGP (Automatic Induction of Machine code by Genetic Programming) engine
Stars: ✭ 91 (-16.51%)
Mutual labels: x86-64
Binary Exploitation
Good to know, easy to forget information about binaries and their exploitation!
Stars: ✭ 47 (-56.88%)
Mutual labels: x86-64
X64dbg
An open-source x64/x32 debugger for windows.
Stars: ✭ 37,825 (+34601.83%)
Mutual labels: x86-64
Chrysalisp
Parallel OS, with GUI, Terminal, OO Assembler, Class libraries, C-Script compiler, Lisp interpreter and more...
Stars: ✭ 1,205 (+1005.5%)
Mutual labels: x86-64
Unisimd Assembler
SIMD macro assembler unified for ARM, MIPS, PPC and x86
Stars: ✭ 63 (-42.2%)
Mutual labels: x86-64
Mir
A light-weight JIT compiler based on MIR (Medium Internal Representation)
Stars: ✭ 1,075 (+886.24%)
Mutual labels: x86-64
Pyast64
Compile a subset of the Python AST to x64-64 assembler
Stars: ✭ 93 (-14.68%)
Mutual labels: x86-64
x64 printable shellcode encoder
Dependencies
- pwntools (
pip install pwntools) - z3 python bindings (
pip install z3-solver)
Usage
./main.py <shellcode file> <pointer to shellcode>
For the encoded shellcode to work it needs to be able to know where it will execute. This is done by passing the encoder a pointer to your shellcode. This should be an expression that is the address of the start of the shellcode in the victim's address space. For example, if rdx happens to point to your shellcode, use rdx. If the shellcode is always at 0x4001000, specify that. Etc. Also, if you want to use a negative offset you must use base+-offset. This is because I hacked the parser together really quickly.
Examples
./main.py shellcode.bin rcx./main.py shellcode.bin [rsp+-8]./main.py shellcode.bin 0x0123456789abcdef./main.py shellcode.bin rbp+5
Example output
$ python main.py shellcode.bin rax+0x150
Encoding stage2
488b0432 => 4863343a31343a53582d702835332d74205f5f35543c6f5f505e31343a57582d7c6f3f7e2d405042402d40407e41505f
480faf44 => 4863343a31343a53582d505040792d743020693574703059505e31343a57582d7c6f3f7e2d405042402d40407e41505f
32084889 => 4863343a31343a53582d244874202d5f606c20354f5f5736505e31343a57582d7c6f3f7e2d405042402d40407e41505f
043a83c7 => 4863343a31343a53582d402233402d706020203554472f58505e31343a57582d7c6f3f7e2d405042402d40407e41505f
0883c610 => 4863343a31343a53582d403346322d7020207e35582f5f5f505e31343a57582d7c6f3f7e2d405042402d40407e41505f
85c075e8 => 4863343a31343a53582d204775202d202160403545575f77505e31343a57582d7c6f3f7e2d405042402d40407e41505f
Multiply-encoding stage3
eb365f31c0040231 => 45375d7168724246 6f4047487268284e
f60f054889c76681 => 456453557d232227 7e3e7d2d6b72697d
ecff0f4889e648c7 => 615a285150304752 6c3f4c4848644a47
c2ff0f000031c00f => 4178757b577d6869 423f6f5f41715055
0531ff4080c70148 => 3d7d537e307c7458 694f37294a726258
89c231c0ffc00f05 => 41233b202b406267 497538523e77406d
31ff31c0043c0f05 => 43667e753a6f6443 7b5f2c5b2b444651
e8c5ffffff2f7072 => 51424b2d33383b23 68457d3f3f2b7076
6f632f666c616700 => 5d774b667832573f 3b553d6f4d7e5b55
Assembling jump at +408
Encoding preamble for rdx <- rax+0x150
[email protected]@>PZ
Original length: 72
Encoded length: 556
Preamble length: 29
Total length: 585
[email protected]>[email protected]~u:odC{_,[+DFQQBK-38;#hE}??+pv]wKfx2W?;U=oM~[U
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].