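def convert(shellcode):
    """Translate an AT&T-syntax x86 listing into the hex text ``stack.shellcoder`` consumes.

    Only the instruction shapes matched in the loop below are recognised:
    ``push $0x...`` with 7 or 8 hex digits, ``mov $0x...,%ecx`` (any digit
    count), ``mov 0x..(%src),%dst`` loads for six register pairs,
    ``mov $0x....,%cx``/``%dx`` with exactly four digits, ``add $0x...,%esp``,
    two ``cmpl`` shapes and ``jne``.  Every matched line is replaced, inside
    the whole text, by its hex bytes; the text is then flattened (newlines
    and spaces removed) and handed to ``stack.shellcoder``.

    Fixes relative to the previous version: integer comparisons use ``==``
    instead of ``is`` (identity on ints is an implementation detail and a
    SyntaxWarning on 3.8+); a Python version other than 2 takes the text
    path instead of silently reusing the previous line's ``rep``; the
    Python 3 branch for a 7-digit ``push`` no longer concatenates ``str``
    with ``bytes`` (which raised TypeError).

    Args:
        shellcode: the assembly listing, one instruction per line.

    Returns:
        Whatever ``stack.shellcoder`` returns for the flattened hex text.

    Raises:
        IndexError: a matched line lacks the ``,`` or ``$0x`` the pattern
            assumes (e.g. ``cmpl`` without an immediate); unchanged from
            the original behaviour.
    """

    def _imm(hexdigits):
        # Render a string of hex digits through stack.st.  Python 2 hands
        # a2b_hex the str directly; Python 3 needs bytes in and text out,
        # hence the latin-1 round trip.
        # NOTE(review): stack.st is not visible here -- presumably it renders
        # the bytes in little-endian order; it is treated as returning text.
        if _version == 2:
            return stack.st(str(binascii.a2b_hex(hexdigits)))
        raw = binascii.a2b_hex(hexdigits.encode('latin-1'))
        return stack.st(str(raw.decode('latin-1')))

    def _imm_digits(line):
        # Hex digits of the '$0x...' immediate, up to the operand comma.
        return line.rsplit('$0x')[1].rsplit(',')[0]

    # NOTE(review): in this copy the three space-normalising replaces use a
    # single space on both sides and are no-ops; they presumably once
    # collapsed runs of spaces -- confirm against the upstream file.
    shellcode = (shellcode.replace('\n\n', '\n').replace('\n\n', '\n')
                 .replace(' ', ' ').replace(' ', ' ').replace(' ', ' '))
    for data in replace_values_static:
        shellcode = shellcode.replace(data, replace_values_static[data])
    new_shellcode = shellcode.rsplit('\n')

    # (source register, destination register, opcode) for 'mov 0x..(src),dst'.
    load_opcodes = (
        ('%eax', '%eax', '8b 40'),
        ('%eax', '%esi', '8b 70'),
        ('%eax', '%ebx', '8b 58'),
        ('%ebx', '%edx', '8b 53'),
        ('%edx', '%edx', '8b 52'),
        ('%edx', '%esi', '8b 72'),
    )

    last = 0  # number of 'jne' lines rewritten so far; each next offset is 9 smaller
    for line in new_shellcode:
        operands = line.rsplit(',')

        if 'push $0x' in line:
            digits = line.rsplit('$0x')[1]
            if len(line) == 15:
                # Seven hex digits: pad to whole bytes before decoding.
                shellcode = shellcode.replace(line, '68' + _imm('0' + digits))
            if len(line) == 16:
                shellcode = shellcode.replace(line, '68' + _imm(digits))

        if 'mov $0x' in line:
            if '%ecx' in operands[1]:
                shellcode = shellcode.replace(line, 'b9' + _imm(_imm_digits(line)))

        if 'mov 0x' in line:
            displacement = line.rsplit('0x')[1].rsplit('(')[0]
            for src, dst, opcode in load_opcodes:
                if src in operands[0] and dst in operands[1]:
                    rep = opcode + stack.toHex(displacement)
                    shellcode = shellcode.replace(line, rep)

        if 'mov $0x' in line and len(_imm_digits(line)) == 4:
            imm16 = _imm_digits(line)
            if '%cx' in line:
                shellcode = shellcode.replace(line, '66 b9' + _imm(imm16))
            if '%dx' in line:
                shellcode = shellcode.replace(line, '66 ba' + _imm(imm16))

        if 'add' in line:
            if '$0x' in line:
                if '%esp' in operands[1]:
                    rep = '83 c4' + _imm(stack.toHex(_imm_digits(line)))
                    shellcode = shellcode.replace(line, rep)

        if 'cmpl' in line:
            if '(%eax)' == operands[1]:
                shellcode = shellcode.replace(line, '81 38' + _imm(_imm_digits(line)))
            if '0x' in operands[1]:
                if '%eax' in line:
                    displacement = line.rsplit(',0x')[1].rsplit('(')[0]
                    rep = ('81 78' + _imm(stack.toHex(displacement))
                           + _imm(_imm_digits(line)))
                    shellcode = shellcode.replace(line, rep)

        if 'jne' in line:
            # Only the first occurrence is rewritten.  hex() yields a single
            # digit below 0x10 and a '-0x' form once the value goes negative;
            # that is unchanged from the original.
            rep = '75' + hex(int('f4', 16) - last * 9)[2:]
            shellcode = shellcode.replace(line, rep, 1)
            last += 1

    shellcode = stack.shellcoder(shellcode.replace('\n', '').replace(' ', ''))
    return shellcode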
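def convert(shellcode):
    """Translate an AT&T-syntax x86 listing into the hex text ``stack.shellcoder`` consumes.

    Recognised shapes: ``xor``/``add``/``sub`` of a ``$0x`` immediate into
    %eax (1-2 digit short form or 7+ digit long form) or into %ebx/%ecx/%edx
    (long form only; an odd digit count is zero-padded), ``mov $0x..,%al``
    and ``%bl`` with 1-2 digits, and ``push $0x...`` with 1, 2, 7 or 8
    digits.  Every matched line is replaced, inside the whole text, by its
    hex bytes; the text is then flattened (newlines and spaces removed) and
    handed to ``stack.shellcoder``.

    Fixes relative to the previous version: integer comparisons use ``==``
    instead of ``is``; the bare ``except:`` around the long form now catches
    only the decode errors it retries on; a Python version other than 2
    takes the text path instead of silently reusing the previous line's
    ``rep``; ``mov $0x..,%bl`` is actually applied (the original computed
    the bytes and never substituted them); the unused ``dynamics`` local is
    gone.

    Args:
        shellcode: the assembly listing, one instruction per line.

    Returns:
        Whatever ``stack.shellcoder`` returns for the flattened hex text.

    Raises:
        IndexError: a matched line lacks the ``,`` the pattern assumes;
            unchanged from the original behaviour.
    """

    def _imm(hexdigits):
        # Render a string of hex digits through stack.st.  Python 2 hands
        # a2b_hex the str directly; Python 3 needs bytes in and text out,
        # hence the latin-1 round trip.
        # NOTE(review): stack.st is not visible here -- presumably it renders
        # the bytes in little-endian order; it is treated as returning text.
        if _version == 2:
            return str(stack.st(binascii.a2b_hex(hexdigits)))
        raw = binascii.a2b_hex(hexdigits.encode('latin-1'))
        return str(stack.st(raw.decode('latin-1')))

    def _imm32(opcode, hexdigits):
        # a2b_hex rejects an odd digit count (TypeError on Python 2,
        # binascii.Error on Python 3); retry once with a leading '0'.
        try:
            return opcode + _imm(hexdigits)
        except (binascii.Error, TypeError, ValueError):
            return opcode + _imm('0' + hexdigits)

    # Long-form opcodes per mnemonic, keyed by destination register.
    imm32_opcodes = {
        'xor': (('%eax', '35'), ('%ebx', '81 f3'), ('%ecx', '81 f1'), ('%edx', '81 f2')),
        'add': (('%eax', '05'), ('%ebx', '81 c3'), ('%ecx', '81 c1'), ('%edx', '81 c2')),
        'sub': (('%eax', '2d'), ('%ebx', '81 eb'), ('%ecx', '81 e9'), ('%edx', '81 ea')),
    }
    # Short-form (1-2 digit immediate) opcodes; only %eax has one here.
    imm8_eax_opcodes = {'xor': '83 f0', 'add': '83 c0', 'sub': '83 e8'}

    # NOTE(review): in this copy the two space-normalising replaces use a
    # single space on both sides and are no-ops; they presumably once
    # collapsed runs of spaces -- confirm against the upstream file.
    shellcode = (shellcode.replace('\n\n', '\n').replace('\n\n', '\n')
                 .replace(' ', ' ').replace(' ', ' '))
    for data in replace_values_static:
        shellcode = shellcode.replace(data, replace_values_static[data])
    new_shellcode = shellcode.rsplit('\n')

    for line in new_shellcode:
        for mnemonic in ('xor', 'add', 'sub'):
            if mnemonic in line and '$0x' in line:
                target = line.rsplit(',')[1]
                # Length of 'mnemonic $0x<digits>' decides short vs long form:
                # 8-9 chars is 1-2 digits, 14+ chars is 7 or more digits.
                lhs_len = len(line.rsplit(',')[0])
                digits = line.rsplit('$0x')[1].rsplit(',')[0]
                if '%eax' in target and lhs_len in (8, 9):
                    shellcode = shellcode.replace(line, imm8_eax_opcodes[mnemonic] + digits)
                if lhs_len >= 14:
                    for reg, opcode in imm32_opcodes[mnemonic]:
                        if reg in target:
                            shellcode = shellcode.replace(line, _imm32(opcode, digits))

        if 'mov $0x' in line:
            if len(line) in (12, 13):
                target = line.rsplit(',')[1]
                digits = line.rsplit('$0x')[1].rsplit(',')[0]
                if '%al' in target:
                    shellcode = shellcode.replace(line, 'b0' + digits)
                if '%bl' in target:
                    shellcode = shellcode.replace(line, 'b3' + digits)

        if 'push $0x' in line:
            digits = line.rsplit('$0x')[1]
            if len(line) == 9:
                shellcode = shellcode.replace(line, '6a0' + digits, 1)
            if len(line) == 10:
                shellcode = shellcode.replace(line, '6a' + digits, 1)
            if len(line) == 15:
                # Seven hex digits: pad to whole bytes before decoding.
                shellcode = shellcode.replace(line, '68' + _imm('0' + digits))
            if len(line) == 16:
                shellcode = shellcode.replace(line, '68' + _imm(digits))

    shellcode = stack.shellcoder(shellcode.replace('\n', '').replace(' ', ''))
    return shellcode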
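def convert(shellcode):
    """Translate an AT&T-syntax x86 listing into the hex text ``stack.shellcoder`` consumes.

    Recognised shapes: ``xor``/``add``/``sub`` of a ``$0x`` immediate into
    %eax (1-2 digit short form or 7+ digit long form) or into %ebx/%ecx/%edx
    (long form only; an odd digit count is zero-padded), ``mov $0x..,%al``
    and ``%bl`` with 1-2 digits, and ``push $0x...`` with 1, 2, 7 or 8
    digits.  Every matched line is replaced, inside the whole text, by its
    hex bytes; the text is then flattened (newlines and spaces removed) and
    handed to ``stack.shellcoder``.

    Fixes relative to the previous version: integer comparisons use ``==``
    instead of ``is``; the bare ``except:`` around the long form now catches
    only the decode errors it retries on; a Python version other than 2
    takes the text path instead of silently reusing the previous line's
    ``rep``; ``mov $0x..,%bl`` is actually applied (the original computed
    the bytes and never substituted them); the unused ``dynamics`` local is
    gone.

    Args:
        shellcode: the assembly listing, one instruction per line.

    Returns:
        Whatever ``stack.shellcoder`` returns for the flattened hex text.

    Raises:
        IndexError: a matched line lacks the ``,`` the pattern assumes;
            unchanged from the original behaviour.
    """

    def _imm(hexdigits):
        # Render a string of hex digits through stack.st.  Python 2 hands
        # a2b_hex the str directly; Python 3 needs bytes in and text out,
        # hence the latin-1 round trip.
        # NOTE(review): stack.st is not visible here -- presumably it renders
        # the bytes in little-endian order; it is treated as returning text.
        if _version == 2:
            return str(stack.st(binascii.a2b_hex(hexdigits)))
        raw = binascii.a2b_hex(hexdigits.encode('latin-1'))
        return str(stack.st(raw.decode('latin-1')))

    def _imm32(opcode, hexdigits):
        # a2b_hex rejects an odd digit count (TypeError on Python 2,
        # binascii.Error on Python 3); retry once with a leading '0'.
        try:
            return opcode + _imm(hexdigits)
        except (binascii.Error, TypeError, ValueError):
            return opcode + _imm('0' + hexdigits)

    # Long-form opcodes per mnemonic, keyed by destination register.
    imm32_opcodes = {
        'xor': (('%eax', '35'), ('%ebx', '81 f3'), ('%ecx', '81 f1'), ('%edx', '81 f2')),
        'add': (('%eax', '05'), ('%ebx', '81 c3'), ('%ecx', '81 c1'), ('%edx', '81 c2')),
        'sub': (('%eax', '2d'), ('%ebx', '81 eb'), ('%ecx', '81 e9'), ('%edx', '81 ea')),
    }
    # Short-form (1-2 digit immediate) opcodes; only %eax has one here.
    imm8_eax_opcodes = {'xor': '83 f0', 'add': '83 c0', 'sub': '83 e8'}

    # NOTE(review): in this copy the two space-normalising replaces use a
    # single space on both sides and are no-ops; they presumably once
    # collapsed runs of spaces -- confirm against the upstream file.
    shellcode = (shellcode.replace('\n\n', '\n').replace('\n\n', '\n')
                 .replace(' ', ' ').replace(' ', ' '))
    for data in replace_values_static:
        shellcode = shellcode.replace(data, replace_values_static[data])
    new_shellcode = shellcode.rsplit('\n')

    for line in new_shellcode:
        for mnemonic in ('xor', 'add', 'sub'):
            if mnemonic in line and '$0x' in line:
                target = line.rsplit(',')[1]
                # Length of 'mnemonic $0x<digits>' decides short vs long form:
                # 8-9 chars is 1-2 digits, 14+ chars is 7 or more digits.
                lhs_len = len(line.rsplit(',')[0])
                digits = line.rsplit('$0x')[1].rsplit(',')[0]
                if '%eax' in target and lhs_len in (8, 9):
                    shellcode = shellcode.replace(line, imm8_eax_opcodes[mnemonic] + digits)
                if lhs_len >= 14:
                    for reg, opcode in imm32_opcodes[mnemonic]:
                        if reg in target:
                            shellcode = shellcode.replace(line, _imm32(opcode, digits))

        if 'mov $0x' in line:
            if len(line) in (12, 13):
                target = line.rsplit(',')[1]
                digits = line.rsplit('$0x')[1].rsplit(',')[0]
                if '%al' in target:
                    shellcode = shellcode.replace(line, 'b0' + digits)
                if '%bl' in target:
                    shellcode = shellcode.replace(line, 'b3' + digits)

        if 'push $0x' in line:
            digits = line.rsplit('$0x')[1]
            if len(line) == 9:
                shellcode = shellcode.replace(line, '6a0' + digits, 1)
            if len(line) == 10:
                shellcode = shellcode.replace(line, '6a' + digits, 1)
            if len(line) == 15:
                # Seven hex digits: pad to whole bytes before decoding.
                shellcode = shellcode.replace(line, '68' + _imm('0' + digits))
            if len(line) == 16:
                shellcode = shellcode.replace(line, '68' + _imm(digits))

    shellcode = stack.shellcoder(shellcode.replace('\n', '').replace(' ', ''))
    return shellcode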
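def convert(shellcode):
    """Translate an AT&T-syntax x86 listing into the hex text ``stack.shellcoder`` consumes.

    Only the instruction shapes matched in the loop below are recognised:
    ``push $0x...`` with 7 or 8 hex digits, ``mov $0x...,%ecx`` (any digit
    count), ``mov 0x..(%src),%dst`` loads for six register pairs,
    ``mov $0x....,%cx``/``%dx`` with exactly four digits, ``add $0x...,%esp``,
    two ``cmpl`` shapes and ``jne``.  Every matched line is replaced, inside
    the whole text, by its hex bytes; the text is then flattened (newlines
    and spaces removed) and handed to ``stack.shellcoder``.

    Fixes relative to the previous version: integer comparisons use ``==``
    instead of ``is`` (identity on ints is an implementation detail and a
    SyntaxWarning on 3.8+); a Python version other than 2 takes the text
    path instead of silently reusing the previous line's ``rep``; the
    Python 3 branch for a 7-digit ``push`` no longer concatenates ``str``
    with ``bytes`` (which raised TypeError).

    Args:
        shellcode: the assembly listing, one instruction per line.

    Returns:
        Whatever ``stack.shellcoder`` returns for the flattened hex text.

    Raises:
        IndexError: a matched line lacks the ``,`` or ``$0x`` the pattern
            assumes (e.g. ``cmpl`` without an immediate); unchanged from
            the original behaviour.
    """

    def _imm(hexdigits):
        # Render a string of hex digits through stack.st.  Python 2 hands
        # a2b_hex the str directly; Python 3 needs bytes in and text out,
        # hence the latin-1 round trip.
        # NOTE(review): stack.st is not visible here -- presumably it renders
        # the bytes in little-endian order; it is treated as returning text.
        if _version == 2:
            return stack.st(str(binascii.a2b_hex(hexdigits)))
        raw = binascii.a2b_hex(hexdigits.encode("latin-1"))
        return stack.st(str(raw.decode("latin-1")))

    def _imm_digits(line):
        # Hex digits of the '$0x...' immediate, up to the operand comma.
        return line.rsplit("$0x")[1].rsplit(",")[0]

    # NOTE(review): in this copy the three space-normalising replaces use a
    # single space on both sides and are no-ops; they presumably once
    # collapsed runs of spaces -- confirm against the upstream file.
    shellcode = (
        shellcode.replace("\n\n", "\n")
        .replace("\n\n", "\n")
        .replace(" ", " ")
        .replace(" ", " ")
        .replace(" ", " ")
    )
    for data in replace_values_static:
        shellcode = shellcode.replace(data, replace_values_static[data])
    new_shellcode = shellcode.rsplit("\n")

    # (source register, destination register, opcode) for 'mov 0x..(src),dst'.
    load_opcodes = (
        ("%eax", "%eax", "8b 40"),
        ("%eax", "%esi", "8b 70"),
        ("%eax", "%ebx", "8b 58"),
        ("%ebx", "%edx", "8b 53"),
        ("%edx", "%edx", "8b 52"),
        ("%edx", "%esi", "8b 72"),
    )

    last = 0  # number of 'jne' lines rewritten so far; each next offset is 9 smaller
    for line in new_shellcode:
        operands = line.rsplit(",")

        if "push $0x" in line:
            digits = line.rsplit("$0x")[1]
            if len(line) == 15:
                # Seven hex digits: pad to whole bytes before decoding.
                shellcode = shellcode.replace(line, "68" + _imm("0" + digits))
            if len(line) == 16:
                shellcode = shellcode.replace(line, "68" + _imm(digits))

        if "mov $0x" in line:
            if "%ecx" in operands[1]:
                shellcode = shellcode.replace(line, "b9" + _imm(_imm_digits(line)))

        if "mov 0x" in line:
            displacement = line.rsplit("0x")[1].rsplit("(")[0]
            for src, dst, opcode in load_opcodes:
                if src in operands[0] and dst in operands[1]:
                    rep = opcode + stack.toHex(displacement)
                    shellcode = shellcode.replace(line, rep)

        if "mov $0x" in line and len(_imm_digits(line)) == 4:
            imm16 = _imm_digits(line)
            if "%cx" in line:
                shellcode = shellcode.replace(line, "66 b9" + _imm(imm16))
            if "%dx" in line:
                shellcode = shellcode.replace(line, "66 ba" + _imm(imm16))

        if "add" in line:
            if "$0x" in line:
                if "%esp" in operands[1]:
                    rep = "83 c4" + _imm(stack.toHex(_imm_digits(line)))
                    shellcode = shellcode.replace(line, rep)

        if "cmpl" in line:
            if "(%eax)" == operands[1]:
                shellcode = shellcode.replace(line, "81 38" + _imm(_imm_digits(line)))
            if "0x" in operands[1]:
                if "%eax" in line:
                    displacement = line.rsplit(",0x")[1].rsplit("(")[0]
                    rep = (
                        "81 78"
                        + _imm(stack.toHex(displacement))
                        + _imm(_imm_digits(line))
                    )
                    shellcode = shellcode.replace(line, rep)

        if "jne" in line:
            # Only the first occurrence is rewritten.  hex() yields a single
            # digit below 0x10 and a '-0x' form once the value goes negative;
            # that is unchanged from the original.
            rep = "75" + hex(int("f4", 16) - last * 9)[2:]
            shellcode = shellcode.replace(line, rep, 1)
            last += 1

    shellcode = stack.shellcoder(shellcode.replace("\n", "").replace(" ", ""))
    return shellcode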
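def convert(shellcode):
    """Translate an AT&T-syntax x86 listing into the hex text ``stack.shellcoder`` consumes.

    Only the instruction shapes matched in the loop below are recognised:
    ``push $0x...`` with exactly 8 hex digits, ``mov $0x...,%ecx`` (any
    digit count), ``mov 0x..(%src),%dst`` loads for six register pairs,
    ``add $0x...,%esp``, two ``cmpl`` shapes and ``jne``.  Every matched
    line is replaced, inside the whole text, by its hex bytes; the text is
    then flattened (newlines and spaces removed) and handed to
    ``stack.shellcoder``.

    Fixes relative to the previous version: integer comparisons use ``==``
    instead of ``is`` (identity on ints is an implementation detail and a
    SyntaxWarning on 3.8+); a Python version other than 2 takes the text
    path instead of silently reusing the previous line's ``rep``.

    Args:
        shellcode: the assembly listing, one instruction per line.

    Returns:
        Whatever ``stack.shellcoder`` returns for the flattened hex text.

    Raises:
        IndexError: a matched line lacks the ``,`` or ``$0x`` the pattern
            assumes (e.g. ``cmpl`` without an immediate); unchanged from
            the original behaviour.
    """

    def _imm(hexdigits):
        # Render a string of hex digits through stack.st.  Python 2 hands
        # a2b_hex the str directly; Python 3 needs bytes in and text out,
        # hence the latin-1 round trip.
        # NOTE(review): stack.st is not visible here -- presumably it renders
        # the bytes in little-endian order; it is treated as returning text.
        if _version == 2:
            return stack.st(str(binascii.a2b_hex(hexdigits)))
        raw = binascii.a2b_hex(hexdigits.encode('latin-1'))
        return stack.st(str(raw.decode('latin-1')))

    def _imm_digits(line):
        # Hex digits of the '$0x...' immediate, up to the operand comma.
        return line.rsplit('$0x')[1].rsplit(',')[0]

    # NOTE(review): in this copy the two space-normalising replaces use a
    # single space on both sides and are no-ops; they presumably once
    # collapsed runs of spaces -- confirm against the upstream file.
    shellcode = (shellcode.replace('\n\n', '\n').replace('\n\n', '\n')
                 .replace(' ', ' ').replace(' ', ' '))
    for data in replace_values_static:
        shellcode = shellcode.replace(data, replace_values_static[data])
    new_shellcode = shellcode.rsplit('\n')

    # (source register, destination register, opcode) for 'mov 0x..(src),dst'.
    load_opcodes = (
        ('%eax', '%eax', '8b 40'),
        ('%eax', '%esi', '8b 70'),
        ('%eax', '%ebx', '8b 58'),
        ('%ebx', '%edx', '8b 53'),
        ('%edx', '%edx', '8b 52'),
        ('%edx', '%esi', '8b 72'),
    )

    last = 0  # number of 'jne' lines rewritten so far; each next offset is 9 smaller
    for line in new_shellcode:
        operands = line.rsplit(',')

        if 'push $0x' in line:
            if len(line) == 16:
                shellcode = shellcode.replace(line, '68' + _imm(line.rsplit('$0x')[1]))

        if 'mov $0x' in line:
            if '%ecx' in operands[1]:
                shellcode = shellcode.replace(line, 'b9' + _imm(_imm_digits(line)))

        if 'mov 0x' in line:
            displacement = line.rsplit('0x')[1].rsplit('(')[0]
            for src, dst, opcode in load_opcodes:
                if src in operands[0] and dst in operands[1]:
                    rep = opcode + stack.toHex(displacement)
                    shellcode = shellcode.replace(line, rep)

        if 'add' in line:
            if '$0x' in line:
                if '%esp' in operands[1]:
                    rep = '83 c4' + _imm(stack.toHex(_imm_digits(line)))
                    shellcode = shellcode.replace(line, rep)

        if 'cmpl' in line:
            if '(%eax)' == operands[1]:
                shellcode = shellcode.replace(line, '81 38' + _imm(_imm_digits(line)))
            if '0x' in operands[1]:
                if '%eax' in line:
                    displacement = line.rsplit(',0x')[1].rsplit('(')[0]
                    rep = ('81 78' + _imm(stack.toHex(displacement))
                           + _imm(_imm_digits(line)))
                    shellcode = shellcode.replace(line, rep)

        if 'jne' in line:
            # Only the first occurrence is rewritten.  hex() yields a single
            # digit below 0x10 and a '-0x' form once the value goes negative;
            # that is unchanged from the original.
            rep = '75' + hex(int('f4', 16) - last * 9)[2:]
            shellcode = shellcode.replace(line, rep, 1)
            last += 1

    shellcode = stack.shellcoder(shellcode.replace('\n', '').replace(' ', ''))
    return shellcode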