ShellNoob 1.0 - a shellcode writing toolkit
Today I'm really happy to publicly release ShellNoob (and to publish my first blog post :-))
During the many CTFs I played, there always has been the need to manually write some shellcode (yep, most of time Metasploit is not enough, even if you are lucky and you get a working shellcode...)
Now, writing shellcode is always super fun, but some parts are extremely boring and error prone. And after googling for the n-th time "how to
I bet that there are tons of similar scripts around the web, but I never found anything that had all the features I wanted. If you have suggestions, please ping me!
Alright, let's go to the meat. This is the list of features:
- convert shellcode between different formats (currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty)
- interactive opcode-to-binary conversion (and viceversa) mode. This is useful when you cannot use specific bytes in the shellcode.
- resolve syscall numbers and constants (not exactly implemented yet :-))
- portable: it only relies on gcc/as/objdump and python.
- easily deployable: it's just one python file!
- in-place development: you run ShellNoob directly on the target architecture!
- other options: prepend breakpoint, 32bit/64bit switch.
- read from stdin / write to stdout support (use "-" as filename)
Everything (i.e., the code, use cases, etc) is on github: https://github.com/reyammer/shellnoob
Check it out! Feedback, comments, and contributions are more than welcome!