Legacy proof of concept code to extract the shell code of a binary
#!/usr/bin/env python
#-*- coding: UTF-8 -*-
# File: shellCodeExtract.py
# Copyright (c) 2011 by Costas Tyfoxylos
#
# GNU General Public Licence (GPL)
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
#
from subprocess import Popen, PIPE | |
import sys | |
import os | |
# Module metadata: author, docstring format and the date of the original version.
__author__ = 'Costas Tyfoxylos <costas.tyf@gmail.com>'
__docformat__ = 'plaintext'
__date__ = '17/05/2011'
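class ShellCode(object):
    """Collect the raw bytes of a binary's ``_start`` routine from ``objdump -d``.

    After construction:

    * ``code`` is the bytes rendered as one C-style ``"\\x.."`` string literal;
    * ``text`` is the same bytes, one instruction per line, each line padded
      and followed by a ``//`` comment holding the disassembled mnemonic and
      operands (the last line is terminated with ``;``).

    Both are empty strings when *filename* is not a regular file or objdump
    produced no output.
    """

    # Characters allowed in a two-digit hex byte token of the objdump listing.
    _HEX_DIGITS = frozenset('0123456789abcdefABCDEF')

    def __init__(self, filename):
        """Disassemble *filename* and populate ``code`` and ``text``.

        Args:
            filename: path of the binary handed to ``objdump -d``.

        Raises:
            OSError: if ``objdump`` cannot be executed.
            ValueError: if the listing contains no ``<_start>:`` label.
        """
        # Default both attributes so callers can read them even when no
        # listing was obtained (the original left them undefined).
        self.code = ''
        self.text = ''
        asm = self.__get_asm(filename)
        if asm:
            self.code, self.text = self.__get_shell_code(asm)

    def __get_asm(self, filename):
        """Return the ``objdump -d`` listing of *filename* as text, or False.

        False is returned when *filename* is not a regular file.  objdump is
        resolved through PATH by Popen itself, which removes the separate
        ``which`` subprocess, and the parameter (not a module global) names
        the file to disassemble.
        """
        if not os.path.isfile(filename):
            return False
        # communicate() waits for the child, so no zombie process is left behind.
        raw = Popen(['objdump', '-d', filename], stdout=PIPE).communicate()[0]
        if not isinstance(raw, str):
            # Python 3: stdout is bytes; decode so the parser works on text.
            raw = raw.decode('utf-8', 'replace')
        return raw

    @staticmethod
    def __is_byte(token):
        """Return True when *token* is exactly two hex digits.

        The original test (``int(token, 16)`` succeeding) also accepted
        mnemonics that happen to be hex words (``add``, ``dec``), ``0x..``
        immediates and branch-target addresses, which then leaked into the
        byte string.
        """
        return len(token) == 2 and all(c in ShellCode._HEX_DIGITS for c in token)

    def __get_shell_code(self, text):
        """Parse an objdump listing into ``(code_string, annotated_text)``.

        Only the instruction lines after the ``<_start>:`` label are used.
        Blank lines, further symbol labels (``<name>:``) and lines without an
        address colon (e.g. objdump's ``...`` fill markers) are skipped.

        Args:
            text: the full ``objdump -d`` output.

        Returns:
            A 2-tuple ``(code_string, annotated_text)`` as described on the class.

        Raises:
            ValueError: if ``<_start>:`` does not occur in *text*.
        """
        parts = text.split('<_start>:')
        if len(parts) < 2:
            raise ValueError('no <_start> symbol found in the disassembly')
        body = parts[1].strip()

        byte_chunks = []   # per-line "\x.." strings, joined for ``code``
        text_lines = []    # per-line annotated C literal lines for ``text``
        for line in body.splitlines():
            current = line.lstrip()
            if not current or '>:' in current:
                continue
            # objdump lines look like "addr:\tXX XX ...\tmnemonic operands";
            # everything after the first ':' is tokenized.
            _, sep, rest = current.partition(':')
            if not sep:
                continue
            tokens = rest.split()
            line_bytes = [t for t in tokens if self.__is_byte(t)]
            mnemonics = [self.__format_to_size(t, 6)
                         for t in tokens if not self.__is_byte(t)]
            chunk = ''.join(r'\x' + b for b in line_bytes)
            byte_chunks.append(chunk)
            text_lines.append(self.__format_to_size('"' + chunk + '"', 30)
                              + '\t// ' + ' '.join(mnemonics))

        shell_code_string = '"' + ''.join(byte_chunks) + '"'
        if text_lines:
            # Close the last C line with ';' in place of the first padding space.
            text_lines[-1] = text_lines[-1].replace('" ', '";')
        return shell_code_string, '\n'.join(text_lines)

    def __format_to_size(self, string, length=28):
        """Left-justify *string* in a field of *length* columns (never truncates)."""
        return string.ljust(length)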
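if __name__ == '__main__':
    # Usage: shellCodeExtract.py <binary>
    # Without the argument check the original died with an IndexError on sys.argv[1].
    if len(sys.argv) != 2:
        sys.stderr.write('usage: %s <binary>\n' % sys.argv[0])
        sys.exit(1)
    fileName = sys.argv[1]
    shellCode = ShellCode(fileName)
    # The output is meant to be pasted as a C string literal, which a 0x00
    # byte would terminate early; each byte is exactly two hex digits, so
    # '00' only matches a genuine null byte.
    if '00' in shellCode.code:
        print('Beware! Null bytes in shellcode. Please correct.')
    print("\nShellcode text:")
    print(shellCode.text)
    print("\nShellcode string:")
    print(shellCode.code)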