Real busy week at work this week, so just going to go over a simply simple binary to hex converter in Python for converting binary files to hex encoded strings (for use in shellcode, exploits, etc.).
First, the script:
# -*- coding: utf-8 -*- #!/usr/bin/env python if __name__ == "__main__": shellcode = "\"" ctr = 1 maxlen = 15 for b in open("win-exec-calc-shellcode.bin", "rb").read(): shellcode += "\\x" + b.encode("hex") if ctr == maxlen: shellcode += "\" +\n\"" ctr = 0 ctr += 1 shellcode += "\"" print shellcode
As you can see, it is great for situations like the win-exec-calc shellcode where they give you a binary or assembly and you need to easily convert it for your exploit.
Another case I tend to use this for fairly often is when I have a binary that will crash an application (either manually created or generated by a fuzzer). This allows me to more easily throw it into my exploits and/or modify it.
As I said, a short post and script this week, but hopefully a nice change from the boot2root walk-throughs.
The code and updates can always be found in my GitHub repository as well.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.