- Notifications
You must be signed in to change notification settings - Fork4
Dynamic and extensible shell code generator with multiple output types which can be formatted in binary, hexadecimal, and the typical shellcode output standard.
License
jasondrawdy/ShellGen
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
ShellGen is a dynamic shell code generator with multiple output types which can be formatted in binary, hexadecimal, and the typical shellcode output standard. Outputs are also able to be encrypted and shellcode can be generated by either reading all of the bytes of a particular file or a byte array, whether that's embedded, or again, read in from a filestream. The generated output is structured in what is called aShell and contains a few properties:
- ID// The alphanumeric value assigned to the generated shell for easy maintainability.
- Code// The actual plainbyte/encrypted byte code of a specified file or raw bytes.
- Error// Any caught exception if anything goes wrong during generation.
AShell also has a serializable property allowing the ability to serialize the entire structure to a file or byte array instead of copying individual components of the generated shell object.
- .NET Framework 4.6.1
- Generate shellcode from a file or byte array
- Multiple output types for generated shellcode
- Plainbyte
- Hexadecimal
- Shellcode (standard)
- Generate unique IDs for all generated shells
- Encode bytes using Base64
- Serialize generated shells to a file or byte array
This example shows how to generate a shellcodeShell object both with and without encryption and how to serialize the object into a byte array for later usage or for saving to a file — which we will do here — for later retrieval.
usingSystem;usingSystem.IO;usingSystem.Text;usingSystem.Runtime.Serialization.Formatters.Binary;usingShellGen;namespaceExample{classProgram{publicstaticvoidMain(string[]args){// Get the bytes of a message.varmessage="Hello, World! This is an example message!";varmessageBytes=Encoding.UTF8.GetBytes(message);// Generate a standard shell without encryption.ShellstandardShell=ShellGenerator.GenerateShell(messageBytes,FormatType.Shellcode);Console.WriteLine("A shell has been generated!");// Generate a plainbyte shell without encryption.ShellplainShell=ShellGenerator.GenerateShell(messageBytes,FormatType.Plain);Console.WriteLine("A plainbyte shell has been generated!");// Generate a hexadecimal shell without encryption.ShellhexShell=ShellGenerator.GenerateShell(messageBytes,FormatType.Hex);Console.WriteLine("A hexadecimal shell has been generated!");// Generate a shell with encryption.ShellencryptedShell=ShellGenerator.GenerateShell(messageBytes,FormatType.Shellcode,"SomeSecurePassword");Console.WriteLine("An encrypted shell has been generated!");// Serialize one or more shell to a file.varserializedBytes=Serialize(encryptedShell);if(serializedBytes!=null){File.WriteAllBytes("PathForDestinationFile",serializedBytes);Console.WriteLine("Shell has been saved!");}// Wait for user interaction.Console.Read();}/// <summary>/// Serializes an object that has the <see cref="SerializableAttribute"/> attached./// </summary>/// <param name="obj">The object to be serialized to bytes.</param>publicstaticbyte[]Serialize(objectobj){try{varbf=newBinaryFormatter();varms=newMemoryStream();bf.Serialize(ms,obj);returnms.ToArray();}catch{returnnull;}}}}
The plaintext output of the standard generated shell given in the example should be expected to look like the following:
unsignedcharshellcode[]={0x53,0x47,0x56,0x73,0x62,0x47,0x38,0x73,0x49,0x46,0x64,0x76,0x63,0x6D,0x78,0x6B,0x49,0x53,0x42,0x55,0x61,0x47,0x6C,0x7A,0x49,0x47,0x6C,0x7A,0x49,0x47,0x46,0x75,0x49,0x47,0x56,0x34,0x59,0x57,0x31,0x77,0x62,0x47,0x55,0x67,0x62,0x57,0x56,0x7A,0x63,0x32,0x46,0x6E,0x5A,0x53,0x45,0x3D};unsignedint size=56
Icon:Freepik
https://www.flaticon.com/authors/freepik
Encryption:sdrapkin
https://github.com/sdrapkin/SecurityDriven.Inferno
Copyright © ∞ Jason Drawdy
All rights reserved.
The MIT License (MIT)
Permission is hereby granted, free of charge, to any person obtaining a copyof this software and associated documentation files (the "Software"), to dealin the Software without restriction, including without limitation the rightsto use, copy, modify, merge, publish, distribute, sublicense, and/or sellcopies of the Software, and to permit persons to whom the Software isfurnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in allcopies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS ORIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHERLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS INTHE SOFTWARE.
Except as contained in this notice, the name of the above copyright holdershall not be used in advertising or otherwise to promote the sale, use orother dealings in this Software without prior written authorization.