Vulnerability Development mailing list archives

RE: extracting shellcode from a execve binary.


From: "Simon N. Thornton" <sthornton () imcn net>
Date: Tue, 18 Sep 2001 09:24:15 +0100

Hi KF,

KF> does anyone have any tips for getting the shellcode in \x41\x41\x41\x41 format.

A quick and dirty method you could use is hexdump (there are more elegant
methods):

hexdump -e '8/1 "|x%02x, " "\n"' filename | sed -e 's/|/\\/g' -e 's/, \\x  ,//g'

or,

cat filename | hexdump -e '8/1 "|x%02x, " "\n"' | sed -e 's/|/\\/g' -e 's/, \\x  ,//g'

or,

cat filename | hexdump -e '16/1 "|x%02x" "\n"' | sed -e 's/|/\\/g' -e 's/\\x  //g'

where 'filename' is the file you want to convert to hex.

If you can figure the syntax for embedding a '\' character in the hexdump
format string you could dispense with the sed post processing sequence. The
following sequence DOESN'T work for me:

        cat filename | hexdump -e '8/1 "\\x%02x, " "\n"'


Rgds,


Simon
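
Added example (not part of Simon's message): the same conversion done with od and awk. od prints only the bytes that exist, so a short last row leaves no padding to strip, and awk's %c with the value 92 emits the backslash without any escaping in the format string. The function name bytes_to_c_escapes and the sample bytes are made up for illustration.

```shell
#!/bin/sh
# bytes_to_c_escapes FILE [PER_LINE]
# Print every byte of FILE as a \xNN escape, PER_LINE escapes per output
# line (default 16). Hypothetical helper name, not from the original post.
bytes_to_c_escapes() {
    b2c_file=$1
    b2c_per_line=${2:-16}
    # od -An   : no offset column
    # od -v    : never collapse repeated rows into "*"
    # od -tx1  : one two-digit hex value per input byte
    od -An -v -tx1 "$b2c_file" |
    awk -v n="$b2c_per_line" '
        {
            for (i = 1; i <= NF; i++) {
                # %c with 92 prints a backslash, so the format string
                # itself never has to contain one.
                printf "%cx%s", 92, $i
                if (++count % n == 0) printf "\n"
            }
        }
        END {
            # Terminate a short final row; print nothing for empty input.
            if (count % n) printf "\n"
        }'
}

# Constructed sample input: five bytes, including a NUL and 0xff.
b2c_demo=$(mktemp)
printf 'ABC\0\377' > "$b2c_demo"
bytes_to_c_escapes "$b2c_demo" 4
rm -f "$b2c_demo"
```
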

