Binary to Hex Converter

Real busy week at work this week, so just going to go over a simply simple binary to hex converter in Python for converting binary files to hex encoded strings (for use in shellcode, exploits, etc.).

First, the script:

# -*- coding: utf-8 -*-

#!/usr/bin/env python
if __name__ == "__main__":
 
	shellcode = "\""
	ctr = 1
	maxlen = 15
 
	for b in open("win-exec-calc-shellcode.bin", "rb").read():
		shellcode += "\\x" + b.encode("hex")
		if ctr == maxlen:
			shellcode += "\" +\n\""
			ctr = 0
		ctr += 1
	shellcode += "\""
	print shellcode

As you can see, it is great for situations like the win-exec-calc shellcode where they give you a binary or assembly and you need to easily convert it for your exploit.

Another case I tend to use this for fairly often is when I have a binary that will crash an application (either manually created or generated by a fuzzer). This allows me to more easily throw it into my exploits and/or modify it.

As I said, a short post and script this week, but hopefully a nice change from the boot2root walk-throughs.

The code and updates can always be found in my GitHub repository as well.

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

Common passed on this blog, I made it to a jam.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.