Binary to Hex Converter

Real busy week at work this week, so just going to go over a simply simple binary to hex converter in Python for converting binary files to hex encoded strings (for use in shellcode, exploits, etc.).

First, the script:

# -*- coding: utf-8 -*-

#!/usr/bin/env python
if __name__ == "__main__":
 
	shellcode = "\""
	ctr = 1
	maxlen = 15
 
	for b in open("win-exec-calc-shellcode.bin", "rb").read():
		shellcode += "\\x" + b.encode("hex")
		if ctr == maxlen:
			shellcode += "\" +\n\""
			ctr = 0
		ctr += 1
	shellcode += "\""
	print shellcode

As you can see, it is great for situations like the win-exec-calc shellcode where they give you a binary or assembly and you need to easily convert it for your exploit.

Another case I tend to use this for fairly often is when I have a binary that will crash an application (either manually created or generated by a fuzzer). This allows me to more easily throw it into my exploits and/or modify it.

As I said, a short post and script this week, but hopefully a nice change from the boot2root walk-throughs.

The code and updates can always be found in my GitHub repository as well.

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Principal Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.