ShellBlade
A shellcode extracting tool.
ShellBlade prints shellcode in C, nasm and raw formats and warns of the presence of null bytes.
Let me run you through an example to see how ShellBlade works. First, open a file called morning.s and enter the following code:
BITS 32
section .code
global _start
_start:
    xor eax, eax            ; zero the registers without using null bytes
    xor ebx, ebx
    xor ecx, ecx
    xor edx, edx
    push 0x0a               ; "\n" (padded to 4 bytes on the stack)
    push 0x21676e69         ; "ing!"
    push 0x6e726f4d         ; "Morn"
    mov ecx, esp            ; ecx -> "Morning!\n"
    mov dl, 9               ; edx = length (8-bit move avoids null bytes)
    mov bl, 1               ; ebx = stdout
    mov al, 0x4             ; eax = sys_write
    int 0x80
    mov al, 0x1             ; eax = sys_exit
    int 0x80
Next, we will use nasm to assemble the previous code into an object file. ShellBlade expects raw object files stripped of any symbols. To produce such a file, we call nasm as shown below:
nasm morning.s -o morning.code
Notice we haven't passed the usual -f elf option. Nasm will assemble the code and dump it in the file morning.code. This is the file shellblade expects. I like to assemble into a .code file to distinguish it from regular object files.
To print our shellcode in C format, issue the following command:
shellblade -c morning.code
You should see something like the following:
/* Extracted shellcode (34 bytes): */
char shellcode[] =
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x6a\x0a\x68\x69\x6e\x67\x21"
"\x68\x4d\x6f\x72\x6e\x89\xe1\xb2\x09\xb3\x01\xb0\x04\xcd\x80"
"\xb0\x01\xcd\x80";
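To make the extraction step concrete, here is a small Python re-implementation of what a tool like ShellBlade does with a raw .code file: read the bytes, render them in C, nasm or raw form, and report the offset of every null byte. This is an added example, not ShellBlade's own source; the function names (`to_c`, `to_nasm`, `find_null_bytes`, `extract`) and the exact nasm layout are my assumptions. The 34 input bytes are constructed from the C output shown above, and a second constructed input (`mov eax, 4`, which assembles to `b8 04 00 00 00`) shows why the example uses `mov al, 4` instead: the 32-bit immediate is zero-padded and trips the null-byte warning.

```python
"""Added example: ShellBlade-style shellcode formatting and null-byte check."""
from __future__ import annotations

# Constructed input: the 34 bytes nasm emits for morning.s, taken from the
# C output above (assumption: this is exactly what morning.code contains).
MORNING_CODE = bytes.fromhex(
    "31c031db31c931d26a0a68696e6721684d6f726e89e1b209b301b004cd80b001cd80"
)

# Constructed contrast case: `mov eax, 4` encodes as b8 04 00 00 00.
# The zero padding of the 32-bit immediate is what `mov al, 4` avoids.
MOV_EAX_4 = bytes.fromhex("b804000000")


def find_null_bytes(code: bytes) -> list[int]:
    """Return the offset of every 0x00 byte; an empty list means null-free."""
    return [i for i, b in enumerate(code) if b == 0]


def to_c(code: bytes, name: str = "shellcode", per_line: int = 15) -> str:
    """Render as a C char array in the same layout ShellBlade prints with -c."""
    lines = [f"/* Extracted shellcode ({len(code)} bytes): */", f"char {name}[] ="]
    for off in range(0, len(code), per_line):
        chunk = code[off:off + per_line]
        lines.append('"' + "".join(f"\\x{b:02x}" for b in chunk) + '"')
    lines[-1] += ";"
    return "\n".join(lines)


def to_nasm(code: bytes, per_line: int = 8) -> str:
    """Render as nasm `db` directives (assumed layout) for re-embedding in asm."""
    lines = []
    for off in range(0, len(code), per_line):
        chunk = code[off:off + per_line]
        lines.append("db " + ", ".join(f"0x{b:02x}" for b in chunk))
    return "\n".join(lines)


def to_raw(code: bytes) -> bytes:
    """Raw format is the bytes themselves, ready for open(path, 'wb').write()."""
    return bytes(code)


def extract(code: bytes, fmt: str) -> tuple[str | bytes, list[int]]:
    """Format `code` as 'c', 'nasm' or 'raw' and return the null-byte offsets."""
    renderers = {"c": to_c, "nasm": to_nasm, "raw": to_raw}
    if fmt not in renderers:
        raise ValueError(f"unknown format {fmt!r}; expected one of {sorted(renderers)}")
    return renderers[fmt](code), find_null_bytes(code)


def load_code_file(path: str) -> bytes:
    """Read a raw object file produced by `nasm file.s -o file.code` (no -f elf)."""
    with open(path, "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    for label, code in (("morning.code", MORNING_CODE), ("mov eax, 4", MOV_EAX_4)):
        text, nulls = extract(code, "c")
        print(f"== {label} ==")
        print(text)
        if nulls:
            print(f"WARNING: null bytes at offsets {nulls}")
        print()
```

Running it prints the same three-line C array as the ShellBlade output above for morning.code, and for the `mov eax, 4` case it flags null bytes at offsets 2, 3 and 4, which is the kind of warning the tool's null-byte check is meant to surface before the bytes end up inside a C string.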
To run the shellcode, just pass the -e option to the program:
$ shellblade -e morning.code
Executing shellcode...
Morning!