BufferOverflow-Kit
We collect the small tools used during buffer overflow exploit development in one place. Reimplementing them with a new idea is nothing to be ashamed of - thanks China :) If you work on buffer overflows, you may like to contribute and develop ALL your tools with us in ONE place.
What does BufferOverflow Kit contain?
- Command-line based.
- pattern create (like the Metasploit pattern_create script)
- pattern offset (like the Metasploit pattern_offset script)
- Hex to little-endian characters (ex. \x41\x42\x43\x44 to \x44\x43\x42\x41)
- Convert hex shellcode to a binary file
- Convert a binary file to raw hex
- Find jmp, call and pop pop ret addresses in (exe, dll) files (like msfpescan)
- and more will be added.
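The "find jmp, call and pop pop ret" feature above is, at its core, an opcode search over a module's bytes. The snippet below is an added example written for this page, not code from BufferOverflow-Kit, and it works on a raw byte buffer only: it reports file offsets, and turning those into the virtual addresses an exploit needs requires the PE section table and ImageBase, which it does not parse. The sample buffer is constructed for the example.

```ruby
# Added example (not BufferOverflow-Kit's own code): scan a byte buffer for the
# x86 sequences an exploit writer looks for in a loaded module. Offsets are
# file offsets into the buffer, not virtual addresses.

POP_REG = (0x58..0x5F).to_a          # one-byte pop eax .. pop edi

# Fixed-length gadgets: opcode bytes => mnemonic.
FIXED = {
  [0xFF, 0xE4] => 'jmp esp',
  [0xFF, 0xD4] => 'call esp',
  [0x54, 0xC3] => 'push esp ; ret'
}

# Length of a ret at index +i+: C3 = ret, C2 imm16 = ret n; nil if not a ret.
def ret_length(bytes, i)
  return 1 if bytes[i] == 0xC3
  return 3 if bytes[i] == 0xC2 && i + 2 < bytes.size
  nil
end

# Returns [[offset, mnemonic], ...] in offset order. A hit is only a byte
# match: it may sit inside data or in the middle of a longer instruction,
# so verify each candidate in a disassembler before using it.
def find_gadgets(data)
  bytes = data.unpack('C*')
  found = []
  bytes.each_index do |i|
    FIXED.each do |seq, name|
      found << [i, name] if bytes[i, seq.size] == seq
    end
    if POP_REG.include?(bytes[i]) && POP_REG.include?(bytes[i + 1]) && ret_length(bytes, i + 2)
      found << [i, 'pop pop ret']
    end
  end
  found
end

# Constructed sample buffer: nops, jmp esp, pop ebx/pop ebp/ret, push esp/ret,
# pop eax/pop edi/ret 4, call esp.
SAMPLE = [0x90, 0x90, 0xFF, 0xE4, 0x00, 0x5B, 0x5D, 0xC3, 0x41, 0x54, 0xC3,
          0x58, 0x5F, 0xC2, 0x04, 0x00, 0xFF, 0xD4].pack('C*')

if __FILE__ == $PROGRAM_NAME
  # For a real module: find_gadgets(File.binread('target.dll'))
  find_gadgets(SAMPLE).each { |off, name| puts format('0x%08x  %s', off, name) }
end
```

To get usable addresses, add the section's virtual address and subtract its raw pointer for the section that contains the offset, then add the module's ImageBase; mona.py (listed under external tools) does this, and also filters out modules that are ASLR-enabled, rebased or SafeSEH-protected, which a raw byte search cannot tell apart.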
How to use?
Make sure Ruby is installed. Tested on Ruby 1.9.3 only.
Required gems
gem install colorize
Help
Usage: ruby bofk-cli.rb {OPTIONS} ARGUMENT
Help menu:
-c, --pattern-create LENGTH Create Unique pattern string.
-o, --pattern-offset OFFSET Find Pattern offset string.
-l, --pattern-length LENGTH Only used with 'pattern-offset' if pattern was longer than 20280.
-e, --hex2lend OPCODE Convert Hex to little endian characters.
-b, --hex2bin Convert Hex shellcode to binary file.
-x, --bin2hex BINARY_FILE Convert binary shellcode to Hex string.
-t, --type TYPE Used with 'bin2hex' & 'pattern-create'. Types: ruby, perl, python, c.
-v, --version Display Buffer Overflow Kit version.
-u, --update Update Buffer Overflow Kit.
-h, --help Display help screen
External tools - bin/
[-] hex2bin.rb Hex to Binary file - BoFkit.
[-] nasm.exe Assembler and disassembler.
[-] mona.py Immunity debugger plugin - Corelan team.
Examples:
ruby bofk-cli.rb --pattern-create 500
ruby bofk-cli.rb --pattern-offset Aa4Z
ruby bofk-cli.rb --pattern-offset Zu2Z --pattern-length 40000
ruby bofk-cli.rb --hex2lend 0x41F2E377
ruby bofk-cli.rb --hex2bin
ruby bofk-cli.rb --bin2hex input.bin
Pattern create without output format
bofk-cli.rb --pattern-create 400
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2A
Supported output formats (Ruby, Perl, Python, C); the output below is for a 400-byte pattern
bofk-cli.rb --pattern-create 400 --type perl
"Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A" .
"d3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag" .
"6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9" .
"Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2A";
Pattern offset
ruby bofk-cli.rb --pattern-offset GAa0
27
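How pattern-create and pattern-offset fit together, as an added example that is not BufferOverflow-Kit's code: the pattern is the Metasploit-style cycle of upper letter, lower letter and digit, every 4-byte window of which is unique within the first 20280 bytes (the limit named in the --pattern-length help above). The offset lookup accepts either the 4 bytes as text or the value as a debugger shows it in EIP, and reverses the latter for little-endian x86. The --type formatter follows the perl output shown above; the python and c styles are this example's own choices.

```ruby
# Added example (not BufferOverflow-Kit's own code): a minimal cyclic pattern,
# the algorithm behind --pattern-create and --pattern-offset, for a 32-bit
# target where an overwritten EIP holds 4 pattern bytes.

UPPER = ('A'..'Z').to_a
LOWER = ('a'..'z').to_a
DIGIT = ('0'..'9').to_a
# 26 * 26 * 10 triplets of 3 bytes = 20280 bytes before the pattern repeats;
# past that point an offset is ambiguous.
UNIQUE_LENGTH = UPPER.size * LOWER.size * DIGIT.size * 3

# Build "Aa0Aa1Aa2...Zz9" and cut it to +length+ bytes (repeating past 20280).
def pattern_create(length)
  base = String.new
  UPPER.each { |u| LOWER.each { |l| DIGIT.each { |d| base << u << l << d } } }
  (base * (length / base.size + 1))[0, length]
end

# +query+ is either the 4 bytes as text ("Aa9A") or the register value as the
# debugger prints it ("0x41396141"). A hex value is byte-reversed first because
# little-endian x86 stores the lowest-address byte in the low-order byte.
# Returns the offset of the first match, or nil if the value is not from the
# pattern (i.e. EIP was not overwritten by your buffer).
def pattern_offset(query, length = UNIQUE_LENGTH)
  needle = if query =~ /\A0x(\h{8})\z/i
             [$1].pack('H*').reverse
           else
             query
           end
  pattern_create(length).index(needle)
end

# Wrap a pattern for pasting into an exploit skeleton: 100-character lines,
# joined in the target language's concatenation style. perl and ruby mirror
# the --type output on this page; python and c are this example's choices.
def format_pattern(pattern, type)
  lines = pattern.scan(/.{1,100}/).map { |chunk| %("#{chunk}") }
  case type
  when 'perl'   then lines.join(" .\n") + ';'
  when 'ruby'   then lines.join(" +\n")
  when 'python' then lines.join(" \\\n")   # adjacent literals, backslash continuation
  when 'c'      then lines.join("\n") + ';'
  else raise ArgumentError, "unknown type #{type.inspect}"
  end
end

if __FILE__ == $PROGRAM_NAME
  puts pattern_create(40)
  puts pattern_offset('Aa9A')          # 27
  puts pattern_offset('0x41396141')    # 27: EIP = 0x41396141 is "A9aA" in memory
  puts format_pattern(pattern_create(250), 'perl')
end
```

If the crash offset comes back nil, the bytes in EIP did not come from the pattern; check that the buffer really reached the vulnerable copy and that no bad character truncated it before the return address.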
Convert to little endian (quote the argument so the shell does not strip the backslashes)
ruby bofk-cli.rb -e '\x41\x42\x43\x44'
\x44\x43\x42\x41
Convert binary file to hex string without output format
ruby bofk-cli.rb --bin2hex out.bin
# Outputs
\xdb\xc1\xbe\x8e\x0c\xae\x5a\xd9\x74\x24\xf4\x5f\x33\xc9\xb1\x56\x83\xc7\x04\x31\x77\x14\x03\x77\x9a\xee\x5b\xa6\x4a\x67\xa3\x57\x8a\x18\x2d\xb2\xbb\x0a\x49\xb6\xe9\x9a\x19\x9a\x01\x50\x4f\x0f\x92\x14\x58\x20\x13\x92\xbe\x0f\xa4\x12\x7f\xc3\x66\x34\x03\x1e\xba\x96\x3a\xd1\xcf\xd7\x7b\x0c\x3f\x85\xd4\x5a\xed\x3a\x50\x1e\x2d\x3a\xb6\x14\x0d\x44\xb3\xeb\xf9\xfe\xba\x3b\x51\x74\xf4\xa3\xda\xd2\x25\xd5\x0f\x01\x19\x9c\x24\xf2\xe9\x1f\xec\xca\x12\x2e\xd0\x81\x2c\x9e\xdd\xd8\x69\x19\x3d\xaf\x81\x59\xc0\xa8\x51\x23\x1e\x3c\x44\x83\xd5\xe6\xac\x35\x3a\x70\x26\x39\xf7\xf6\x60\x5e\x06\xda\x1a\x5a\x83\xdd\xcc\xea\xd7\xf9\xc8\xb7\x8c\x60\x48\x12\x63\x9c\x8a\xfa\xdc\x38\xc0\xe9\x09\x3a\x8b\x65\xfe\x71\x34\x76\x68\x01\x47\x44\x37\xb9\xcf\xe4\xb0\x67\x17\x0a\xeb\xd0\x87\xf5\x13\x21\x81\x31\x47\x71\xb9\x90\xe7\x1a\x39\x1c\x32\x8c\x69\xb2\xec\x6d\xda\x72\x5c\x06\x30\x7d\x83\x36\x3b\x57\xb2\x70\xf5\x83\x97\x16\xf4\x33\x02\x54\x71\xd5\x46\x8a\xd4\x4d\xfe\x68\x03\x46\x99\x93\x61\xfa\x32\x04\x3d\x14\x84\x2b\xbe\x32\xa7\x80\x16\xd5\x33\xcb\xa2\xc4\x44\xc6\x82\x8f\x7d\x81\x59\xfe\xcc\x33\x5d\x2b\xa6\xd0\xcc\xb0\x36\x9e\xec\x6e\x61\xf7\xc3\x66\xe7\xe5\x7a\xd1\x15\xf4\x1b\x1a\x9d\x23\xd8\xa5\x1c\xa1\x64\x82\x0e\x7f\x64\x8e\x7a\x2f\x33\x58\xd4\x89\xed\x2a\x8e\x43\x41\xe5\x46\x15\xa9\x36\x10\x1a\xe4\xc0\xfc\xab\x51\x95\x03\x03\x36\x11\x7c\x79\xa6\xde\x57\x39\xd6\x94\xf5\x68\x7f\x71\x6c\x29\xe2\x82\x5b\x6e\x1b\x01\x69\x0f\xd8\x19\x18\x0a\xa4\x9d\xf1\x66\xb5\x4b\xf5\xd5\xb6\x59
Supported output formats (Ruby, Perl, Python, C)
ruby bofk-cli.rb --bin2hex out.bin --type ruby
# Outputs
"\xda\xd0\xd9\x74\x24\xf4\x5e\x2b\xc9\xb1\x56\xbf\x9d\x28\xd0" +
"\x22\x83\xee\xfc\x31\x7e\x14\x03\x7e\x89\xca\x25\xde\x59\x83" +
"\xc6\x1f\x99\xf4\x4f\xfa\xa8\x26\x2b\x8e\x98\xf6\x3f\xc2\x10" +
"\x7c\x6d\xf7\xa3\xf0\xba\xf8\x04\xbe\x9c\x37\x95\x0e\x21\x9b" +
"\x55\x10\xdd\xe6\x89\xf2\xdc\x28\xdc\xf3\x19\x54\x2e\xa1\xf2" +
"\x12\x9c\x56\x76\x66\x1c\x56\x58\xec\x1c\x20\xdd\x33\xe8\x9a" +
"\xdc\x63\x40\x90\x97\x9b\xeb\xfe\x07\x9d\x38\x1d\x7b\xd4\x35" +
"\xd6\x0f\xe7\x9f\x26\xef\xd9\xdf\xe5\xce\xd5\xd2\xf4\x17\xd1" +
"\x0c\x83\x63\x21\xb1\x94\xb7\x5b\x6d\x10\x2a\xfb\xe6\x82\x8e" +
"\xfd\x2b\x54\x44\xf1\x80\x12\x02\x16\x17\xf6\x38\x22\x9c\xf9" +
"\xee\xa2\xe6\xdd\x2a\xee\xbd\x7c\x6a\x4a\x10\x80\x6c\x32\xcd" +
"\x24\xe6\xd1\x1a\x5e\xa5\xbd\xef\x6d\x56\x3e\x67\xe5\x25\x0c" +
"\x28\x5d\xa2\x3c\xa1\x7b\x35\x42\x98\x3c\xa9\xbd\x22\x3d\xe3" +
"\x79\x76\x6d\x9b\xa8\xf6\xe6\x5b\x54\x23\xa8\x0b\xfa\x9b\x09" +
"\xfc\xba\x4b\xe2\x16\x35\xb4\x12\x19\x9f\xc3\x14\xd7\xfb\x80" +
"\xf2\x1a\xfc\x33\xb0\x92\x1a\x51\xa6\xf2\xb5\xcd\x04\x21\x0e" +
"\x6a\x76\x03\x22\x23\xe0\x1b\x2c\xf3\x0f\x9c\x7a\x50\xa3\x34" +
"\xed\x22\xaf\x80\x0c\x35\xfa\xa0\x47\x0e\x6d\x3a\x36\xdd\x0f" +
"\x3b\x13\xb5\xac\xae\xf8\x45\xba\xd2\x56\x12\xeb\x25\xaf\xf6" +
"\x01\x1f\x19\xe4\xdb\xf9\x62\xac\x07\x3a\x6c\x2d\xc5\x06\x4a" +
"\x3d\x13\x86\xd6\x69\xcb\xd1\x80\xc7\xad\x8b\x62\xb1\x67\x67" +
"\x2d\x55\xf1\x4b\xee\x23\xfe\x81\x98\xcb\x4f\x7c\xdd\xf4\x60" +
"\xe8\xe9\x8d\x9c\x88\x16\x44\x25\xb8\x5c\xc4\x0c\x51\x39\x9d" +
"\x0c\x3c\xba\x48\x52\x39\x39\x78\x2b\xbe\x21\x09\x2e\xfa\xe5" +
"\xe2\x42\x93\x83\x04\xf0\x94\x81"
Convert hex string to binary file
You can paste shellcode in any of the supported formats (Ruby, Perl, Python, C)
ruby bofk-cli.rb --hex2bin
# Outputs
[+] Paste your shellcode then press ctrl+x
[+] Hex string has been saved in file name: .shellcode.txt
[+] Binary file name: shellcode
[+] Binary file size: 368 bytes.
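The three conversions shown in the last sections (little-endian reversal, hex string to binary file, binary file to hex string) come down to a few byte-level helpers. The block below is an added example for this page, not BufferOverflow-Kit's own code: its hex2bin accepts pasted shellcode in any of the listed formats by extracting only the \xNN escapes, its bin2hex follows the ruby and perl output shown above, and the python and c layouts are this example's own assumptions. The sample input is the first 18 bytes of the bin2hex output above, pasted back in ruby form.

```ruby
# Added example (not BufferOverflow-Kit's own code): the byte-level helpers
# behind --hex2lend, --hex2bin and --bin2hex. Raw bytes live in binary
# (ASCII-8BIT) Strings throughout.

# Reverse the byte order of a 32-bit value such as an address read from a
# debugger, returning the escaped bytes to write into a little-endian buffer.
# Accepts "0x41F2E377", "41F2E377" or "\x41\xF2\xE3\x77".
def hex2lend(value)
  hex = value.gsub(/0x|\\x/i, '')
  raise ArgumentError, "expected a 32-bit value, got #{value.inspect}" unless hex =~ /\A\h{8}\z/
  [hex].pack('H*').reverse.unpack('C*').map { |b| format('\\x%02x', b) }.join
end

# Pull every \xNN escape out of pasted shellcode, whatever the surrounding
# syntax (quotes, + or . concatenation, b"" prefixes, trailing ;), and return
# the raw bytes. Anything that is not an escape is ignored.
def hex2bin(text)
  text.scan(/\\x(\h\h)/i).flatten.map(&:hex).pack('C*')
end

# Write raw bytes in binary mode so a 0x0a or 0x0d byte is never translated
# on Windows; returns the size written.
def save_binary(path, bytes)
  File.binwrite(path, bytes)
  bytes.bytesize
end

# Render raw bytes as \xNN escapes; with a +type+ the output is wrapped at
# +per_line+ bytes in that language's string-concatenation style.
def bin2hex(bytes, type = nil, per_line = 15)
  escapes = bytes.unpack('C*').map { |b| format('\\x%02x', b) }
  return escapes.join if type.nil?
  lines = escapes.each_slice(per_line).map { |chunk| %("#{chunk.join}") }
  case type
  when 'ruby'   then lines.join(" +\n")
  when 'perl'   then lines.join(" .\n") + ';'
  when 'python' then lines.map { |l| "buf += b#{l}" }.unshift('buf = b""').join("\n")
  when 'c'      then "unsigned char buf[] =\n" + lines.join("\n") + ';'
  else raise ArgumentError, "unknown type #{type.inspect}"
  end
end

# Sample input: the first 18 bytes of the page's bin2hex output, in --type ruby
# form, as a user would paste them into --hex2bin.
PASTED = <<~'SHELLCODE'
  "\xdb\xc1\xbe\x8e\x0c\xae\x5a\xd9\x74\x24\xf4\x5f\x33\xc9\xb1" +
  "\x56\x83\xc7"
SHELLCODE

if __FILE__ == $PROGRAM_NAME
  puts hex2lend('0x41F2E377')                     # \x77\xe3\xf2\x41
  raw = hex2bin(PASTED)
  puts "[+] Binary file size: #{raw.bytesize} bytes."   # 18
  puts bin2hex(raw, 'c')
  # save_binary('shellcode', raw) writes the bytes out for ndisasm or a test loader
end
```

Because hex2bin keeps only the escapes, a stray byte written as a plain character inside the quotes (for example "A" instead of "\x41") is silently dropped; compare the reported size with the byte count your encoder printed before using the file.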