


Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script.

bryan@devbox:~/shellme$ python shellme.py 
usage: shellme.py [-h] [-n FILE] [-o OUTPUT] [-i INSTRUCTION] [-a ARCH]

optional arguments:
  -h, --help      show this help message and exit
  -n FILE         nasm or object file
  -o OUTPUT       output file
  -i INSTRUCTION  instruction
  -a ARCH         architecture [elf/elf64]
bryan@devbox:~/shellme$ cat test.nasm
Section .text
	global _start

	mov ebx,0
	mov eax,1
	int 0x80

	xor eax,0
	xor ecx,0
	xor ebx,0
	push ebp
	sub esp,8
bryan@devbox:~/shellme$ python shellme.py -n test.nasm
[+] Encoded:
bryan@devbox:~/shellme$ python shellme.py -n test64.o -a elf64
[+] Encoded:

And stuff on the fly if you need it:

bryan@devbox:~/shellme$ python shellme.py -i 'jmp rbp' -a elf64
[+] Encoded:
bryan@devbox:~/shellme$ python shellme.py -i 'add rsp,4\njmp rsp' -a elf64
[+] Encoded:
bryan@devbox:~/shellme$ python shellme.py -i 'add ebp,4\njmp ebp'
[+] Encoded:
bryan@devbox:~/shellme$ python shellme.py -i 'mov eax,15\nadd ebp,eax\nxor eax,eax\njmp ebp'
[+] Encoded:
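What the script does under the hood is just this pipeline: assemble with nasm, disassemble with objdump, and pull the instruction bytes out of the listing. Below is an added Python example of that pipeline (my own code, not the shellme script itself). parse_objdump() and to_c_string() run offline on a listing; assemble_to_bytes() assumes nasm and objdump are on PATH; inline_to_source() reproduces the -i mode, where the shell hands the script a literal backslash-n between instructions. SAMPLE_LISTING is a constructed objdump -d listing for the test.nasm above.

```python
"""Added example (not the shellme script): assemble NASM source with nasm,
disassemble with objdump, and turn the listing into an opcode string."""
import re
import subprocess
import tempfile
from pathlib import Path

# One objdump -d line looks like "   5:\tb8 01 00 00 00       \tmov    $0x1,%eax".
# Long instructions continue on a following line that carries bytes only,
# which the same pattern matches (there is simply no mnemonic after the bytes).
_OBJDUMP_LINE = re.compile(r"^\s*[0-9a-f]+:\t((?:[0-9a-f]{2} )+)")


def parse_objdump(listing: str) -> bytes:
    """Collect the raw instruction bytes, in order, from `objdump -d` output."""
    out = bytearray()
    for line in listing.splitlines():
        m = _OBJDUMP_LINE.match(line)
        if m:
            out.extend(int(b, 16) for b in m.group(1).split())
    return bytes(out)


def to_c_string(code: bytes) -> str:
    """Format bytes as the "\\x.." escaped string style that shellme prints."""
    return '"' + "".join(f"\\x{b:02x}" for b in code) + '"'


def inline_to_source(instructions: str, arch: str = "elf") -> str:
    """Build a minimal NASM file for the -i mode. A single-quoted shell
    argument like 'add rsp,4\\njmp rsp' carries backslash-n literally, so
    those two characters are turned into real newlines here."""
    bits = "64" if arch == "elf64" else "32"
    body = instructions.replace("\\n", "\n")
    return f"BITS {bits}\nsection .text\nglobal _start\n_start:\n{body}\n"


def assemble_to_bytes(source: str, arch: str = "elf") -> bytes:
    """Assemble `source` with `nasm -f <arch>` and return the code bytes.
    `arch` is elf (32-bit) or elf64, mirroring shellme's -a option.
    Assumes nasm and objdump are installed and on PATH."""
    if arch not in ("elf", "elf64"):
        raise ValueError("arch must be elf or elf64")
    with tempfile.TemporaryDirectory() as tmp:
        asm = Path(tmp, "in.nasm")
        obj = Path(tmp, "out.o")
        asm.write_text(source)
        subprocess.run(["nasm", "-f", arch, "-o", str(obj), str(asm)], check=True)
        listing = subprocess.run(["objdump", "-d", str(obj)],
                                 check=True, capture_output=True, text=True).stdout
    return parse_objdump(listing)


# Constructed sample: what objdump -d prints for the test.nasm shown above.
SAMPLE_LISTING = (
    "test.o:     file format elf32-i386\n\n\n"
    "Disassembly of section .text:\n\n"
    "00000000 <.text>:\n"
    "   0:\tbb 00 00 00 00       \tmov    $0x0,%ebx\n"
    "   5:\tb8 01 00 00 00       \tmov    $0x1,%eax\n"
    "   a:\tcd 80                \tint    $0x80\n"
    "   c:\t83 f0 00             \txor    $0x0,%eax\n"
    "   f:\t83 f1 00             \txor    $0x0,%ecx\n"
    "  12:\t83 f3 00             \txor    $0x0,%ebx\n"
    "  15:\t55                   \tpush   %ebp\n"
    "  16:\t83 ec 08             \tsub    $0x8,%esp\n"
)

if __name__ == "__main__":
    code = parse_objdump(SAMPLE_LISTING)
    print(f"[+] Encoded ({len(code)} bytes):")
    print(to_c_string(code))
```

Parsing the objdump listing instead of reading the raw section bytes keeps the same code path for .o files and fully linked binaries, which is why the tool can also take a compiled ELF; the cost is that objdump prints bytes for every code section it disassembles, so on a linked binary you get crt startup code too.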

And compiled elfs:

bryan@devbox:~/shellme$ cat test.c
#include <stdio.h>
#include <unistd.h>	/* execve() */
int main(){
	/* argv for the new program: just the path, NULL-terminated */
	char *tmp[2];
	tmp[0] = "/bin/sh";
	tmp[1] = NULL;
	execve(tmp[0], tmp, NULL);	/* pass the array itself, not its address */
	return 0;
}
bryan@devbox:~/shellme$ gcc test.c -o test
bryan@devbox:~/shellme$ python shellme.py -n test
[+] Encoded: