#!/usr/bin/env python
"""
makeexe.py
Copyright: Dave Aitel, 2003
"""
# NASM reference layout (the "teensy" ELF from the article linked below)
# that makelinuxexe() hand-assembles in Python: a 52-byte Elf32_Ehdr
# followed directly by one 32-byte PT_LOAD Elf32_Phdr, so _start sits at
# file offset 0x54 and, with the segment mapped at 0x08048000, the entry
# point is 0x08048054.  Note that "filesize equ $ - $$" counts the headers
# plus the code, i.e. 0x54 + len(code), and that p_filesz/p_memsz are both
# set to it.  This string is not referenced elsewhere in this file.
NOTES="""
See this article for information on create a minimal ELF file on Linux
http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
BITS 32
org 0x08048000
ehdr: ; Elf32_Ehdr
db 0x7F, "ELF", 1, 1, 1 ; e_ident
times 9 db 0
dw 2 ; e_type
dw 3 ; e_machine
dd 1 ; e_version
dd _start ; e_entry
dd phdr - $$ ; e_phoff
dd 0 ; e_shoff
dd 0 ; e_flags
dw ehdrsize ; e_ehsize
dw phdrsize ; e_phentsize
dw 1 ; e_phnum
dw 0 ; e_shentsize
dw 0 ; e_shnum
dw 0 ; e_shstrndx
ehdrsize equ $ - ehdr
phdr: ; Elf32_Phdr
dd 1 ; p_type
dd 0 ; p_offset
dd $$ ; p_vaddr
dd $$ ; p_paddr
dd filesize ; p_filesz
dd filesize ; p_memsz
dd 5 ; p_flags
dd 0x1000 ; p_align
phdrsize equ $ - phdr
_start:
; your program here
filesize equ $ - $$
"""
import os
import struct
import sys
#returns a binary version of the string
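def binstring(instring):
    """
    Convert hex text such as "7f 45 4c 46", "0x7f,0x45" or "\\x7f\\x45"
    into the byte string it denotes.

    Spaces, tabs, CR, LF and commas are ignored.  The text is then consumed
    two characters at a time; a pair that reads exactly "0x" or "\\x" is
    taken as a prefix and skipped rather than decoded.  The detection is
    positional, so a stray character that shifts the pairing will make a
    later pair fail to parse.

    instring -- the hex text.
    Returns the decoded bytes (str on Python 2, bytes on Python 3).  When the
    stripped text has an odd number of characters a diagnostic is printed and
    "" / b"" is returned, as before.
    Raises ValueError when a pair is not valid hexadecimal.
    """
    stripped = instring
    for junk in (" ", "\n", "\t", "\r", ","):
        stripped = stripped.replace(junk, "")
    if len(stripped) % 2 != 0:
        # The original called an undefined prettyprint() here, so the error
        # path raised NameError instead of printing; show the text as-is.
        print("tried to binstring something of illegal length: %d: *%s*"
              % (len(stripped), stripped))
        return bytes(bytearray())
    pairs = [stripped[pos:pos + 2] for pos in range(0, len(stripped), 2)]
    # bytes(bytearray(...)) yields str on Python 2 and bytes on Python 3.
    return bytes(bytearray(int(pair, 16) for pair in pairs
                           if pair != "0x" and pair != "\\x"))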
#int to intelordered string conversion
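def intel_order(myint):
    """
    Pack an integer as four little-endian ("Intel order") bytes.

    Only the low 32 bits are used: bits above 31 are dropped, and a negative
    value is emitted as the low 32 bits of its two's complement (so -1
    becomes ff ff ff ff), matching the original shift-and-modulo loop.

    myint -- the integer to pack.
    Returns 4 bytes (str on Python 2, bytes on Python 3).
    """
    # struct does the byte ordering; the mask reproduces the original's
    # "% 256 after each 8-bit shift" truncation for large and negative
    # inputs.  (The original also shadowed the builtin `str` with its
    # accumulator, which this version avoids.)
    return struct.pack("<I", myint & 0xffffffff)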
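def makelinuxexe(data, filename=""):
    """
    Wrap raw machine code in a minimal 32-bit x86 Linux ELF image.

    The image is a 52-byte Elf32_Ehdr immediately followed by one 32-byte
    PT_LOAD Elf32_Phdr and then the code, so the code starts at file offset
    0x54.  The single segment maps the whole file at 0x08048000 with R+X
    permissions, which puts the entry point (and the address to break on
    in gdb) at 0x08048054.  Should be close to optimally small.

    Fix versus the original: p_filesz/p_memsz were computed as
    54 + len(data) -- decimal 54 where 0x54 (84) was meant -- so the
    declared segment ended 30 bytes before the end of the code.  It appears
    to have worked only because Linux maps the segment in whole pages; a
    loader that honours the declared size would not map the tail of the code.

    data     -- the bytes to execute (str on Python 2, bytes on Python 3).
                They are used verbatim as the program's entry code, so only
                wrap code you actually intend to run, and run the result
                under a debugger or in a throwaway VM.
    filename -- when non-empty, the image is also written there in binary
                mode and chmod'ed 0775 (note: group-writable).  A failure to
                open, write or chmod is reported on stdout and otherwise
                ignored, as before; the image is still returned.
    Returns the complete image (str on Python 2, bytes on Python 3).
    """
    load_addr = 0x08048000                # p_vaddr of the single PT_LOAD segment
    ehdr_size = 52                        # sizeof(Elf32_Ehdr)
    phdr_size = 32                        # sizeof(Elf32_Phdr)
    code_offset = ehdr_size + phdr_size   # 0x54: the code follows the headers directly
    filesize = code_offset + len(data)

    # Elf32_Ehdr (little-endian): e_ident, e_type, e_machine, e_version,
    # e_entry, e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum,
    # e_shentsize, e_shnum, e_shstrndx.
    ehdr = struct.pack(
        "<16sHHIIIIIHHHHHH",
        b"\x7fELF\x01\x01\x01" + b"\x00" * 9,  # ELFCLASS32, ELFDATA2LSB, EV_CURRENT, padding
        2,                          # e_type    = ET_EXEC
        3,                          # e_machine = EM_386
        1,                          # e_version = EV_CURRENT
        load_addr + code_offset,    # e_entry   = 0x08048054
        ehdr_size,                  # e_phoff: program header right after this header
        0,                          # e_shoff: no section headers
        0,                          # e_flags
        ehdr_size,                  # e_ehsize
        phdr_size,                  # e_phentsize
        1,                          # e_phnum
        0, 0, 0,                    # e_shentsize, e_shnum, e_shstrndx
    )
    # Elf32_Phdr: p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz,
    # p_flags, p_align.  The segment starts at file offset 0 so the headers
    # and the code share one mapping.
    phdr = struct.pack(
        "<8I",
        1,                          # p_type  = PT_LOAD
        0,                          # p_offset
        load_addr,                  # p_vaddr
        load_addr,                  # p_paddr
        filesize,                   # p_filesz: headers + code (was 30 bytes short)
        filesize,                   # p_memsz
        5,                          # p_flags = PF_R | PF_X
        0x1000,                     # p_align
    )
    image = ehdr + phdr + data

    if filename != "":
        try:
            # Binary mode: the image must not go through newline translation.
            with open(filename, "wb") as fd:
                fd.write(image)
            os.chmod(filename, 0o775)
        except (IOError, OSError):
            print("Couldn't open, write or chmod outfile")
    return image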
def usage():
    """Print the command-line synopsis to stdout and exit with status 1."""
    prog = sys.argv[0]
    sys.stdout.write(prog + " inputfile outputfile\n")
    sys.exit(1)
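if __name__ == "__main__":
    # makeexe.py inputfile outputfile
    #
    # inputfile holds raw machine code (shellcode); outputfile receives the
    # ELF wrapper around it and is marked executable.  The original shipped
    # with the read commented out and data hard-wired to "\xcc" (int3), so
    # inputfile was silently ignored; the read is restored here, in binary
    # mode since the input is not text.
    if len(sys.argv) != 3:
        usage()
    try:
        with open(sys.argv[1], "rb") as fd:
            data = fd.read()
    except (IOError, OSError):
        print("Couldn't open file to read in.")
        usage()
    # The write is done here rather than via makelinuxexe(data, outfile)
    # because that path only prints on failure; the script exits 1 instead.
    filedata = makelinuxexe(data)
    try:
        with open(sys.argv[2], "wb") as fd:
            fd.write(filedata)
        os.chmod(sys.argv[2], 0o775)
    except (IOError, OSError):
        print("Couldn't open, write or chmod outfile")
        sys.exit(1)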