opexxx

shellme.py

Mar 21st, 2014
import os
import shutil
import subprocess
import sys
import tempfile
from argparse import ArgumentParser
from commands import getoutput
from os import system
  5.  
  6. """Lazy mans shellcode maker.  Wraps nasm/objdump stuff.
  7. """
  8.  
def check():
    """Report whether both external tools this script wraps are available.

    Each tool is looked up with ``which``; an empty answer is taken to mean
    the tool is not installed. nasm is probed first, and objdump is only
    probed when nasm was found.
    """
    for probe in ("which nasm", "which objdump"):
        if getoutput(probe) == '':
            return False
    return True
  17.  
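def _run_tool(argv):
    """Run an external tool without a shell; return (exit_status, output).

    stdout and stderr are merged and one trailing newline is dropped, which
    mirrors what ``commands.getoutput`` returned for the same command.
    """
    try:
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                stderr=subprocess.STDOUT,
                                universal_newlines=True)
    except OSError as exc:
        # Tool missing or not executable: report it as a failed command
        # instead of letting the exception escape to the caller.
        return 127, str(exc)
    text = proc.communicate()[0]
    if text.endswith('\n'):
        text = text[:-1]
    return proc.returncode, text


def _opcodes_from_listing(listing):
    """Concatenate the hex byte column of an ``objdump -d`` listing."""
    collected = []
    # The first seven lines are skipped as header material (presumably the
    # banner, file-format line, section title and first symbol label).
    for line in listing.split('\n')[7:]:
        fields = line.split(':', 1)
        if len(fields) < 2 or not fields[1]:
            continue
        # After the address, columns are tab separated; the bytes come second.
        columns = fields[1].split('\t')
        if len(columns) < 2:
            # No byte column on this line. The previous code kept a list here
            # and then failed with a TypeError on string concatenation.
            continue
        raw = columns[1].strip().replace(' ', '')
        if '<' in raw:
            continue
        collected.append(raw)
    return ''.join(collected)


def get_output(inf, arch='elf'):
    """Return the opcode bytes of *inf* as one unbroken hex string.

    *inf* is either a ``.nasm`` source file, which is first assembled with
    nasm into a sibling ``.o`` file using output format *arch*, or an
    existing object file. The object file is disassembled with
    ``objdump -d`` and the byte column of every instruction line is joined.

    Both tools are started from an argument list, never through a shell, so
    spaces or shell metacharacters in *inf* or *arch* reach the tool as
    literal text instead of being interpreted as extra commands.

    Prints the assembler output and exits with status 1 when nasm fails.
    """
    if inf.startswith('-'):
        # Keep a path that begins with a dash from being read as an option.
        inf = './' + inf

    if inf.endswith('.nasm'):
        # Replace only the trailing extension; a global replace would also
        # rewrite ".nasm" appearing in a directory name.
        obj_path = inf[:-len('.nasm')] + '.o'
        status, log = _run_tool(['nasm', '-f', arch, '-o', obj_path, inf])
        if status != 0 or 'error' in log:
            # sys.stdout.write keeps the block valid on Python 2 and 3 and
            # emits the same bytes as the former print statement.
            sys.stdout.write('[-] Error in your asm:  ' + log + '\n')
            sys.exit(1)
        inf = obj_path

    _status, listing = _run_tool(['objdump', '-d', inf])
    return _opcodes_from_listing(listing)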
  41.  
def encode(lbyte):
    """Turn a plain hex string into a ``\\xNN`` escaped string.

    Characters are consumed two at a time and each pair is prefixed with
    ``\\x``. A trailing unpaired character is dropped.
    """
    pairs = []
    pos = 0
    # Stop as soon as fewer than two characters remain.
    while pos + 1 < len(lbyte):
        pairs.append("\\x" + lbyte[pos] + lbyte[pos + 1])
        pos += 2
    return ''.join(pairs)
  49.  
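def format_output(dmp, width=8):
    """Wrap a ``\\xNN`` escaped byte string into rows of *width* bytes.

    *dmp* is a stream such as ``\\x05\\x06\\x07``. The result holds the same
    bytes with a newline after every *width* of them.

    Returns an empty string when *dmp* holds no bytes; the earlier code
    returned a lone ``\\x`` in that case.

    Raises ValueError when *width* is smaller than 1.
    """
    if width < 1:
        raise ValueError("width must be a positive integer")
    # Anything before the first "\x" marker is discarded.
    hex_bytes = dmp.split('\\x')[1:]
    if not hex_bytes:
        return ''
    rows = ['\\x'.join(hex_bytes[start:start + width])
            for start in range(0, len(hex_bytes), width)]
    return '\\x' + '\n\\x'.join(rows)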
  57.  
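def compile_instruction(instruction, arch='elf'):
    """Assemble a single instruction and return its escaped opcode string.

    The instruction text is written to a scratch ``.nasm`` file inside a
    directory freshly created by ``tempfile.mkdtemp``. The earlier fixed
    name in the shared /tmp could be pre-created or symlinked by another
    local user, and was opened for writing without any check.

    The scratch directory and everything in it is removed afterwards, also
    when assembling fails and the helper exits.
    """
    workdir = tempfile.mkdtemp(prefix='shellme-')
    try:
        src_path = os.path.join(workdir, 'tmp-me.nasm')
        with open(src_path, 'w') as f:
            # Python 2 'string-escape' codec: backslash escapes typed on the
            # command line (e.g. "\n") become the characters they stand for.
            f.write(instruction.decode('string-escape') + '\n')
        return encode(get_output(src_path, arch))
    finally:
        shutil.rmtree(workdir, ignore_errors=True)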
  65.  
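def run(options):
    """Encode the requested input, print it and optionally save it.

    *options* is the parsed command line. ``options.inf`` (a nasm or object
    file) takes precedence over ``options.instruction``. The formatted
    result is printed and, when ``options.output`` is set, also written to
    that file.

    Exits with status 1 when neither an input file nor an instruction was
    given.
    """
    if options.inf:
        dmp = encode(get_output(options.inf, options.arch))
    elif options.instruction:
        dmp = compile_instruction(options.instruction, options.arch)
    else:
        # E.g. only -o was passed: the earlier code fell through and failed
        # on the unbound name `dmp`.
        sys.stdout.write('[-] Need an input file (-n) or an instruction (-i)\n')
        sys.exit(1)

    formatted = format_output(dmp)
    # sys.stdout.write keeps the block valid on Python 2 and 3 and emits the
    # same bytes as the former print statement.
    sys.stdout.write('[+] Encoded:\n' + formatted + '\n')
    if options.output:
        with open(options.output, 'w') as f:
            f.write(formatted)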
  77.  
def arguments():
    """Build the command-line parser and return the parsed options.

    Prints the usage text and exits with status 1 when the script is
    started without any argument.
    """
    cli = ArgumentParser()
    option_table = (
        ('-n', dict(help='nasm or object file', metavar='FILE', dest='inf')),
        ('-o', dict(help='output file', dest='output')),
        ('-i', dict(help='instruction', dest='instruction')),
        ('-a', dict(help='architecture [elf/elf64]', dest='arch', default='elf')),
    )
    for flag, settings in option_table:
        cli.add_argument(flag, action='store', **settings)

    # Nothing after the program name: show help instead of parsing.
    if not sys.argv[1:]:
        cli.print_help()
        sys.exit(1)

    return cli.parse_args()
  91.  
if __name__ == "__main__":
    # Both external tools are required, so they are checked before the
    # command line is parsed.
    if check():
        run(arguments())
    else:
        sys.stdout.write('[-] I need objdump and nasm\n')
        sys.exit(1)