View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005231||Kali Linux||[All Projects] New Tool Requests||public||2019-01-31 03:32||2019-02-21 17:00|
|Target Version||Fixed in Version|
|Summary||0005231: Shellcode Cleaner|
|Description||- [Name] - Shellcode Cleaner|
- [Version] - Most recent release is https://github.com/1kozlovsas/Shellcode-Cleaner/commit/61c12df47aee1060bb9b13b3e8ffe987edc9e440
--- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
- [Homepage] - https://github.com/1kozlovsas/Shellcode-Cleaner
- [Download] - https://github.com/1kozlovsas/Shellcode-Cleaner
- [Author] - Alex Kozlov
- [Licence] - Freely Redistributable under GNU GPL. I only ask that I be credited in the help doc, which I can add myself if need be.
- [Description] - A tool to clean up your shellcode by removing unnecessary characters (newlines, semicolons, quotes, even the '\x' escape character if need be) from shellcode that's pasted into the tool. You run the tool if the command line arguments of what you want to strip, paste the shellcode, hit Control+D, and it will output the stripped result. Great for converting MSFVenom payloads into a string that can be pasted into existing exploit code, and can also be used to perform binary paste operations since spaces are also stripped from the shellcode by default.
- [Dependencies] - Python 2.7 with sys, getopt, argparse modules (I think these are included by default), bash, root privileges needed to install
- [Similar tools] -Unsure really. I guess you can cat a file and do these operations with bash but here you can just paste the shellcode directly, hit control + d, and you have your payload.
- [How to install] - If you wish to install it you'll just run "./installer.sh" as sudo/root user, then you can call the program like any other. As a standalone script you just run "python shellcode-cleaner.py"
- [How to use] :
Say you generated a shell with MSFVenom and it comes out with semicolons and quotation marks and newline characters, but you just want the hex byte with "\x".
Run "shellcode-cleaner -nrqs", paste your shellcode, hit control +d, and voila, your shellcode is ready to be used.
|Additional Information||Let me know if you need anything else!|
||Product Version was meant to be Kali's current rolling distribution (2019.1), not kali dev|
||I have packaged my tool into a .deb file and adjusted the file to meet the Debian Package Security standards as far as I understand them. Can someone let me know the next step for me to take? Should i reach out to the debian package security team?|
The script has been updated to version 1.01:
-You can now insert the "\x" hex escape character before each set of hex bytes.
-Since I will now be packaging each release as a .DEB file, the "install.sh" method may be deprecated in the future.
Could someone please let me know the next steps for me to submit my .DEB file as a package? Should I send an email to the Debian Security Team?
The script has been updated to version 1.02:
-Additional flags have been added
-It's now possible to prepend characters to hex bytes as well as remove them! You can now prepend a percentage (%) sign, a unicode (%u) symbol, or a hex escape (\x) character.
Adding hex bytes.png (86,657 bytes)
Adding hex bytes.png (86,657 bytes)
|2019-01-31 03:32||akozlov||New Issue|
|2019-02-01 03:16||akozlov||Note Added: 0010248|
|2019-02-08 15:52||akozlov||Note Added: 0010273|
|2019-02-13 18:01||akozlov||Note Added: 0010296|
|2019-02-17 09:15||steev||Summary||Pitching my tool here. It's a program that you paste your shellcode into, and it will clean it up for you. => Shellcode Cleaner|
|2019-02-21 17:00||akozlov||File Added: Adding hex bytes.png|
|2019-02-21 17:00||akozlov||Note Added: 0010349|