Published on February 28th, 2018
Shellen – Interactive Shellcoding Environment, In Which You Can Easily Craft Your Shellcodes
Installing
You can install the stable version of shellen using pip3:
$ sudo pip3 install shellen
Or, if you already have all required packages (see Requirements):
$ python3 setup.py install
If you have any trouble installing keystone-engine, then you should compile it yourself (see the COMPILE.md file in the keystone repository).
How to run:
After installing shellen and all its required packages, you can run shellen just by typing the next in your terminal:
$ shellen
There is the help command inside the tool, which will explain almost everything.
Features
Shellen was created for assembling and disassembling instructions, so there are two modes of using the tool: asm and dsm respectively. Of course, there are some other possibilities, like syscall tables, common shellcodes and others.
Problems/New features
If you find a problem or a bug, then just write an issue about it. Also, if you think that some feature would be nice to have in shellen, then do the same: write an issue and I will try to add this feature.
Prompt
It also has a useful prompt, displaying the current mode, the OS (Operating System, used for syscalls) and the architecture chosen for that mode. It looks as follows:
L:asm:x86_32 >
You can edit your input like you're typing in a terminal. It also has a history of commands (just press the up arrow to see them).
L is the shortened name of Linux in the prompt. All other OS names are listed below:
L is Linux
W is Windows
M is MacOS
If you want to change the OS, then type setos [linux/windows/macos] as follows:
L:asm:x86_32 > setos windows
[+] OS changed to windows.
To change the current mode, enter asm or dsm in the prompt.
L:dsm:arm32 > asm
[+] Changed to asm (assembly) mode
L:asm:x86_32 > dsm
[+] Changed to dsm (disassembly) mode
L:dsm:arm32 >
Assembling
To assemble instructions, type them separated by semicolons as follows:
L:asm:x86_32 > mov edx, eax; xor eax, eax; inc edx; int 80;
[+] Bytes count: 7
Raw bytes: "\x89\xc2\x31\xc0\x42\xcd\x50"
Hex string: "89c231c042cd50"
If your assembled bytes contain a null byte, then shellen will tell you about this.
Disassembling
It works exactly as assembling. Type your bytes in the input prompt and see the result!
L:dsm:x86_32 > 89c231c042cd50
0x00080000: mov edx, eax
0x00080002: xor eax, eax
0x00080004: inc edx
0x00080005: int 0x50
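The two sessions above (assembling, then disassembling the same seven bytes) can be reproduced with the small decoder below. It is an added example and is not shellen's own code: shellen assembles with the keystone-engine library mentioned under Installing and uses a full disassembler, whereas this subset covers only the opcodes that occur on this page (two-register mov/xor/add/sub/cmp, inc/dec, mov r32 with an immediate, int, nop, ret). The base address 0x00080000 is copied from shellen's output; the wording of the null-byte warning line is an assumption, since the page says only that shellen reports null bytes. One caveat the decoder makes visible: the `int 80` typed in the assembling session was encoded as `int 0x50` because the operand was read as decimal; the 32-bit Linux syscall gate is `int 0x80`.

```python
# Added example, not shellen's code: a tiny x86-32 decoder for the opcodes seen on
# this page, plus the null-byte check shellen performs on assembled bytes.

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# opcode -> mnemonic for the "op r/m32, r32" family (Intel syntax: destination first)
TWO_REG_OPS = {0x01: "add", 0x29: "sub", 0x31: "xor", 0x39: "cmp", 0x89: "mov"}


def _need(code, i, n, addr):
    """Raise instead of silently reading past the end of a truncated instruction."""
    if i + n > len(code):
        raise ValueError(f"truncated instruction at {addr:#010x}")


def decode_modrm_reg_reg(modrm):
    """Split a ModRM byte; only the register-direct form (mod == 0b11) is supported."""
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b11:
        raise ValueError(f"ModRM {modrm:#04x}: memory operands are outside this subset")
    return REGS32[reg], REGS32[rm]


def disassemble(code, base=0x00080000):
    """Return [(address, text), ...]; base mirrors the addresses in shellen's dsm output."""
    insns, i = [], 0
    while i < len(code):
        op, addr = code[i], base + i
        if op in TWO_REG_OPS:                       # e.g. 0x89 0xC2 -> mov edx, eax
            _need(code, i, 2, addr)
            reg, rm = decode_modrm_reg_reg(code[i + 1])
            insns.append((addr, f"{TWO_REG_OPS[op]} {rm}, {reg}"))
            i += 2
        elif 0x40 <= op <= 0x47:                    # one-byte inc r32 (0x42 -> inc edx)
            insns.append((addr, f"inc {REGS32[op - 0x40]}"))
            i += 1
        elif 0x48 <= op <= 0x4F:                    # one-byte dec r32
            insns.append((addr, f"dec {REGS32[op - 0x48]}"))
            i += 1
        elif 0xB8 <= op <= 0xBF:                    # mov r32, imm32 (little-endian)
            _need(code, i, 5, addr)
            imm = int.from_bytes(code[i + 1:i + 5], "little")
            insns.append((addr, f"mov {REGS32[op - 0xB8]}, {imm:#x}"))
            i += 5
        elif op == 0xCD:                            # int imm8; decimal 80 is 0x50, the
            _need(code, i, 2, addr)                 # Linux syscall gate is int 0x80
            insns.append((addr, f"int {code[i + 1]:#x}"))
            i += 2
        elif op == 0x90:
            insns.append((addr, "nop"))
            i += 1
        elif op == 0xC3:
            insns.append((addr, "ret"))
            i += 1
        else:
            raise ValueError(f"opcode {op:#04x} at {addr:#010x} is outside this subset")
    return insns


def null_byte_offsets(code):
    """Offsets of 0x00 bytes, which break string-copy based delivery of shellcode."""
    return [i for i, b in enumerate(code) if b == 0]


def raw_bytes_literal(code):
    """Format like shellen's 'Raw bytes' line: "\\x89\\xc2..." """
    return '"' + "".join(f"\\x{b:02x}" for b in code) + '"'


def report(hex_string, base=0x00080000):
    """Combine the asm-style summary, the null-byte warning and the dsm listing."""
    code = bytes.fromhex(hex_string)
    lines = [f"[+] Bytes count: {len(code)}",
             f"Raw bytes: {raw_bytes_literal(code)}",
             f'Hex string: "{code.hex()}"']
    nulls = null_byte_offsets(code)
    if nulls:  # assumed wording; the page only says shellen reports null bytes
        lines.append(f"[!] Null bytes at offsets: {nulls}")
    lines += [f"{addr:#010x}: {text}" for addr, text in disassemble(code, base)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report("89c231c042cd50"))   # the page's bytes: "int 80" became int 0x50
    print(report("89c231c042cd80"))   # constructed: the same code with int 0x80
    print(report("b805000000cd80"))   # constructed: mov eax, 5 carries three null bytes
```

The third constructed input shows why the null-byte warning matters: `mov eax, 5` encodes the immediate as four little-endian bytes, three of them zero, which is why hand-written shellcode usually clears a register with `xor eax, eax` and then `inc`s or `mov al, 5` instead.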
Architectures
The asm and dsm modes work for different architectures. To see a list of available architectures for the current mode, type this:
L:dsm:x86_32 > archs
 | | | | |
---|---|---|---|---|
arm32 | mips32 | sparc32 | systemz | x86_16 |
arm64 | mips64 | sparc64 | | x86_32 |
arm_tb | | | | x86_64 |
And if you want to change the current architecture, enter the following:
L:dsm:x86_32 > setarch arm32
[+] Architecture of dsm changed to arm32
Syscalls
It's apparent that while crafting a shellcode you will need syscalls, so shellen will help you with that. Just type sys with the name of the desired syscall and shellen will show you a list of the matching syscalls.
L:asm:x86_32 > sys open
name | eax | ebx | ecx | edx | esi |
---|---|---|---|---|---|
open | 0x05 | const char *filename | int flags | umode_t mode | - |
openat | 0x127 | int dfd | const char *filename | int flags | umode_t mode |
This prints the syscall variants matching the entered pattern. The syscall table used for searching depends on the chosen architecture and OS (Operating System). In this case it's x86_32 and Linux.
Common shellcodes
Shellen can show you a list of common shellcodes matching your keyword. An example of its use is placed in the Pictures section. It uses the API of the shell-storm.org site (thanks to the author!). You can use it like this:
L:asm:x86_32 > shell <keyword> <count>
Actually, the count parameter isn't required.
Operating Systems
It was assumed that there would be several OSs (Linux, Windows and MacOS), but right now only Linux is supported. If you want functionality for Windows or MacOS added, then write an issue and I will add it.
Base commands
Command | Description |
---|---|
clear | Clear the terminal screen, like cls on Windows or clear on *nix systems. |
help | Show the help message. |
quit, q, exit | Finish the current session and quit. |
Requirements
Pictures
Just a little bunch of pictures.
Gloss