ShellBlade

Download (7z)

A shellcode extracting tool.

ShellBlade prints shellcode in C, nasm and raw formats and warns of the presence of null bytes.

Let me run you through an example to see how ShellBlade works. First, open a file called morning.s and enter the following code:

BITS 32
section .code
        global _start

_start:
        xor eax, eax
        xor ebx, ebx
        xor ecx, ecx
        xor edx, edx
        push 0x0a
        push 0x21676e69
        push 0x6e726f4d
        mov ecx, esp
        mov dl, 9
        mov bl, 1
        mov al, 0x4
        int 0x80

        mov al, 0x1
        int 0x80

Next, we will use nasm to assemble the code above. ShellBlade expects a raw file that contains only the assembled bytes, with no object-file headers or symbols. To produce such a file, we call nasm as shown below:

nasm morning.s -o morning.code

Notice that we haven't passed the usual -f elf option. Without -f, nasm uses its default flat binary output format and writes just the assembled bytes to morning.code. This is the file ShellBlade expects. I like to assemble into a .code file to distinguish it from regular object files.

To print our shellcode in C format, issue the following command:

shellblade -c morning.code

You should see something like the following:

/* Extracted shellcode (34 bytes): */
char shellcode[] =
    "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x6a\x0a\x68\x69\x6e\x67\x21"
    "\x68\x4d\x6f\x72\x6e\x89\xe1\xb2\x09\xb3\x01\xb0\x04\xcd\x80"
    "\xb0\x01\xcd\x80";
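
The null-byte check and the C-format output described above, as an added example that is not ShellBlade's own code. The names find_nulls and format_c and the wide_mov sample are constructed here; the 15-bytes-per-line layout follows the output shown above.

```c
#include <stdio.h>
#include <stddef.h>

/* The 34 bytes of morning.code, copied from the listing above. */
static const unsigned char morning[] = {
    0x31,0xc0,0x31,0xdb,0x31,0xc9,0x31,0xd2,0x6a,0x0a,0x68,0x69,0x6e,0x67,0x21,
    0x68,0x4d,0x6f,0x72,0x6e,0x89,0xe1,0xb2,0x09,0xb3,0x01,0xb0,0x04,0xcd,0x80,
    0xb0,0x01,0xcd,0x80
};
/* Constructed sample: "mov eax, 4 / int 0x80" in 32-bit mode. The full-width
   immediate encodes as b8 04 00 00 00, so it carries three zero bytes. */
static const unsigned char wide_mov[] = { 0xb8,0x04,0x00,0x00,0x00,0xcd,0x80 };

/* Store offsets of 0x00 bytes (at most max of them); return how many exist. */
size_t find_nulls(const unsigned char *buf, size_t len, size_t *off, size_t max)
{
    size_t count = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == 0x00) {
            if (count < max) off[count] = i;
            count++;
        }
    return count;
}

/* Render buf as quoted C string lines, 15 bytes per line. Returns the number
   of characters written, or -1 if out is too small. */
int format_c(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    /* 4 chars per byte, 7 per line break, plus opening, closing and NUL. */
    if (outsz < 4 * len + 7 * (len / 15) + 9) return -1;
    size_t pos = (size_t)snprintf(out, outsz, "    \"");
    for (size_t i = 0; i < len; i++) {
        if (i && i % 15 == 0)
            pos += (size_t)snprintf(out + pos, outsz - pos, "\"\n    \"");
        pos += (size_t)snprintf(out + pos, outsz - pos, "\\x%02x", buf[i]);
    }
    pos += (size_t)snprintf(out + pos, outsz - pos, "\";\n");
    return (int)pos;
}

int main(void)
{
    char text[256];
    size_t off[8];
    if (format_c(morning, sizeof morning, text, sizeof text) > 0)
        printf("/* %zu bytes */\nchar shellcode[] =\n%s", sizeof morning, text);
    size_t n = find_nulls(wide_mov, sizeof wide_mov, off, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("warning: null byte at offset %zu\n", off[i]);
    return 0;
}
```

The morning.code bytes contain no zero byte because the listing clears each register with xor and then loads only the low byte (mov al, mov bl, mov dl); a zero byte matters because it would end the C string literal early.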

To run the shellcode, just pass the -e option to the program:

$ shellblade -e morning.code
Executing shellcode...
Morning!