
Convert Exe File To Shellcode And Run In Memory?



yeah, the title pretty much says it:

is it possible to convert an exe file to shellcode that can be run in memory / inserted into a metasploit executable template?

here's the Python code i use to load and run the shellcode:


```python
from ctypes import *  # load ctypes module
import sys, binascii  # import binascii to decode shellcode

with open(sys.argv[1], "r") as o:  # open file to read hex-encoded shellcode from
    shellcode = binascii.unhexlify(o.read())  # write decoded shellcode to variable
cast(create_string_buffer(shellcode, len(shellcode)), CFUNCTYPE(c_void_p))()  # run it
```

now i want to use an exe file as payload to run it from RAM

here's the code of the encoder:

```python
import sys, binascii
```

the problem is when i feed it an encoded exe file it won't work:

```
C:\Dokumente und Einstellungen\User\Desktop>test.py out.txt
Traceback (most recent call last):
  File "C:\Dokumente und Einstellungen\User\Desktop\test.py", line 5, in <module>
    cast(create_string_buffer(shellcode, len(shellcode)), CFUNCTYPE(c_void_p))()
WindowsError: exception: access violation writing 0x00001101
```

i also checked if it was possible to use metasploit to convert an exe to shellcode, but i didn't find anything :(

so i'd like to convert the exe to "real" shellcode that can be run from RAM

any ideas?


I'm not really good with metasploit, but Meterpreter already allows you to start executables in memory from what I recall. The whole point of meterpreter is the ability to be stealthy and run the payloads or start processes in memory. There isn't any way I know of to take an existing executable and make it purely shellcode. They are two different things, where shellcode is something that calls into a lower level of the system and is not a compiled program in itself (although you could make an executable that exploits a system and contains shellcode); most shellcode is a script to push things onto the buffer and take control of it.

If you are looking to avoid anti-virus and such though, look into using SET as well. Dave has some tools in there that make the payloads and executables run all from memory and avoid all AV programs out there (or so he says).

Edited by digip
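To see why the hex-dumped exe faults where real shellcode does not (digip's point that an executable and shellcode are two different things), here is an added triage script, not from this thread, that decodes the same hex-text format the loader reads and reports whether the bytes begin with a PE or ELF file header. The sample it builds is a constructed, non-working PE32 header standing in for out.txt.

```python
import binascii
import struct

# COFF Machine values and optional-header magics seen on Windows builds.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64"}
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


def classify_blob(hex_text):
    """Decode hex text (spaces/newlines tolerated) and say what kind of bytes it holds."""
    data = binascii.unhexlify("".join(hex_text.split()))
    info = {"format": "no executable header", "arch": None, "size": len(data)}
    if data[:2] == b"MZ":
        info["format"] = "MZ/DOS"
        if len(data) >= 0x40:
            # e_lfanew (DOS header offset 0x3C) points at the "PE\0\0" signature.
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 26:
                machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
                magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
                info["format"] = OPTIONAL_MAGIC.get(magic, "PE (unknown magic)")
                info["arch"] = MACHINE_NAMES.get(machine, hex(machine))
    elif data[:4] == b"\x7fELF":
        info["format"] = "ELF"
    return info


def explain(hex_text):
    """Triage verdict, including why jumping to byte 0 of a file image faults."""
    info = classify_blob(hex_text)
    if info["format"].startswith("PE") or info["format"] == "MZ/DOS":
        return ("%s image (%s, %d bytes): a file image that needs a loader to map sections, "
                "apply relocations and resolve imports; byte 0 is the 'MZ' header, not code, "
                "so jumping there faults." % (info["format"], info["arch"] or "unknown arch",
                                              info["size"]))
    if info["format"] == "ELF":
        return "ELF image (%d bytes): a file image, not position-independent code." % info["size"]
    return "no executable header (%d bytes): may be raw position-independent code." % info["size"]


def constructed_pe_hex():
    """Hex dump of a minimal, non-runnable PE32 header (constructed for this example)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature right after DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, 0x0102)
    optional_magic = struct.pack("<H", 0x10B)  # PE32; rest of optional header omitted
    return binascii.hexlify(bytes(dos) + coff + optional_magic).decode()
```

Run `explain(constructed_pe_hex())` against the sample, or `explain("31 c0 c3")` (a constructed three-byte `xor eax,eax; ret` stub) to see the two verdicts side by side.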

  • 5 months later...
Posted · Hidden by cashcashjonny, April 19, 2012 - Security - oops

Hello, I'm thinking my response is going to be a bit late & you have probably found a solution already. I haven't really got a total solution for you either ... just a method really ... but if it helps anyone, here goes ...

Download a free hex/disc editor like this one: Free Hex Editor

Open your .exe with the hex editor. The centre section will have your .exe in hex (e.g. 4D 00 A3 5C 08 ...). You can copy and paste this hex to a text document.

Now comes the part you probably won't like ... write a simple programme in your favourite language ... maybe C or C++ ... to add whatever stuff you need to get the hex into the desired format (e.g. \0x4D\0x00\0xA3\0x5C or &4D, &00, &A3 ...) ... get the general idea? B)
