Simple utility that will generate Linux x86 shellcode from provided text.
8f5e0de853ec45a6ed5484d10e28fb3854b1f9fe91fb9937f26a01d6e7b7e7b8
/*
** write() shellcode tool (linux x86)
**
** This utility will generate linux x86 shellcode
** that will display your custom text.
**
** NOTE: If hex code fails try convert generated asm code
** into hex.
**
** copyright (c) 2004 konewka <konewka@ffs.ath.cx>
** www.priv8security.com
*/
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#define RED "\033[01;31m"
#define NORM "\033[00;00m"
#define WRITE_CALL 04
#define EXIT_CALL 01
void usage(char *progname);
void asm_code(char *str, int size);
void hex_code(char *str, int size);
void clear_int(int inc[], int size);
int new_line = 1,
do_asm = 0;
void usage(char *progname) {
printf("["RED"+"NORM"] write() shellcode tool -linux x86- (www.priv8security.com)\n");
printf("\nusage: %s [options] <-s string>\n", progname);
printf("\t-s \tstring to use in shellcode\n");
printf("\t-a \tcreate assembler code\n");
printf("\t-n \tdo not add new line at the end\n\n");
exit(0);
}
void clear_int(int inc[], int size) {
int i;
for (i=0;i<=size;i++)
inc[i] = 0;
}
void hex_code(char *str, int size) {
int i, j, hex[3];
printf("char *shellcode = ");
printf("\"\\x31\\xdb\\x31\\xc9\\x31\\xd2\\xb2\\x%02x\"\n", size);
printf("\t\"\\x51");
for (i=size,j=-1;i>=0;) {
hex[j++] = str[i--];
if (j >= 4) {
printf("\\x68\\x%02x\\x%02x\\x%02x\\x%02x", hex[3], hex[2], hex[1], hex[0]);
clear_int(hex, 3);
j = 0;
}
}
if (j)
printf("\\x68\\x%02x\\x%02x\\x%02x\\x%02x", hex[3], hex[2], hex[1], hex[0]);
printf("\"\n\t\"\\x89\\xe1\\x31\\xc0\\xb0\\x%02x\\xcd\\x80\\x31\\xdb\\xb0\\x%02x\"\n", WRITE_CALL, EXIT_CALL);
printf("\t\"\\xcd\\x80\";\n");
printf("\nint main(void) {\n");
printf("\tint *ret;\n\n");
printf("\tret = (int *)&ret + 2;\n");
printf("\t*ret = (int)shellcode;\n}\n");
}
void asm_code(char *str, int size) {
int i, j, hex[3];
printf("int main(void) {\n");
printf("asm(\"\n");
printf("\txor %%ebx,%%ebx\n\txor %%ecx,%%ecx\n\txor %%edx,%%edx\n");
printf("\tmov $0x%x,%%%s\n", size, (size > 255) ? "dx" : "dl");
printf("\tpush %%ecx\n");
for (i=size,j=-1;i>=0;) {
hex[j++] = str[i--];
if (j >= 4) {
printf("\tpush $0x%02x%02x%02x%02x\n", hex[0], hex[1], hex[2], hex[3]);
clear_int(hex, 3);
j = 0;
}
}
if (j)
printf("\tpush $0x%02x%02x%02x%02x\n", hex[0], hex[1], hex[2], hex[3]);
printf("\tmov %%esp,%%ecx\n");
printf("\txor %%eax,%%eax\n");
printf("\tmov $0x%02x,%%al\n", WRITE_CALL);
printf("\tint $0x80\n");
printf("\txor %%ebx,%%ebx\n");
printf("\tmov $0x%02x,%%al\n", EXIT_CALL);
printf("\tint $0x80\");\n");
printf("}\n");
}
int main(int argc, char *argv[]) {
char *string = NULL;
int opt;
while ((opt = getopt(argc, argv, "anhs:")) != EOF) {
switch (opt) {
case 'n':
new_line = 0;
break;
case 'h':
usage(argv[0]);
break;
case 'a':
do_asm = 1;
break;
case 's':
if (strlen(optarg) >= 4096) {
printf("["RED"!"NORM"] entered string is too long\n");
return -1;
}
if (!(string = (char *)calloc(strlen(optarg), sizeof(char)))) {
printf("["RED"!"NORM"] cannot allocate memory for buffer\n");
return -1;
}
strncpy(string, optarg, strlen(optarg));
break;
default:
break;
}
}
if (!string)
usage(argv[0]);
if (strlen(string)%4)
printf("["RED"!"NORM"] WARNING: string should contain 4,8,16.. characters to avoid NULLs\n");
if (new_line)
strncat(string, "\n", strlen(string));
if (do_asm)
asm_code(string, strlen(string));
else
hex_code(string, strlen(string));
return 0;
}