I want to store an application as a hex-encoded byte array so that I can execute it with Python. Traditionally I created it with msfencode, but that has since been deprecated. I know there is msfvenom, but I want to do it myself so that I don't have to depend on another program.
Basically, what I want to do is read a file and store it as a hex-encoded binary array.
For example, here is the Windows calculator as a byte-encoded byte array (found online):
shellcode = bytearray(
    "\xdb\xc3\xd9\x74\x24\xf4\xbe\xe8\x5a\x27\x13\x5f\x31\xc9"
    "\xb1\x33\x31\x77\x17\x83\xc7\x04\x03\x9f\x49\xc5\xe6\xa3"
    "\x86\x80\x09\x5b\x57\xf3\x80\xbe\x66\x21\xf6\xcb\xdb\xf5"
    "\x7c\x99\xd7\x7e\xd0\x09\x63\xf2\xfd\x3e\xc4\xb9\xdb\x71"
    "\xd5\x0f\xe4\xdd\x15\x11\x98\x1f\x4a\xf1\xa1\xd0\x9f\xf0"
    "\xe6\x0c\x6f\xa0\xbf\x5b\xc2\x55\xcb\x19\xdf\x54\x1b\x16"
    "\x5f\x2f\x1e\xe8\x14\x85\x21\x38\x84\x92\x6a\xa0\xae\xfd"
    "\x4a\xd1\x63\x1e\xb6\x98\x08\xd5\x4c\x1b\xd9\x27\xac\x2a"
    "\x25\xeb\x93\x83\xa8\xf5\xd4\x23\x53\x80\x2e\x50\xee\x93"
    "\xf4\x2b\x34\x11\xe9\x8b\xbf\x81\xc9\x2a\x13\x57\x99\x20"
    "\xd8\x13\xc5\x24\xdf\xf0\x7d\x50\x54\xf7\x51\xd1\x2e\xdc"
    "\x75\xba\xf5\x7d\x2f\x66\x5b\x81\x2f\xce\x04\x27\x3b\xfc"
    "\x51\x51\x66\x6a\xa7\xd3\x1c\xd3\xa7\xeb\x1e\x73\xc0\xda"
    "\x95\x1c\x97\xe2\x7f\x59\x67\xa9\x22\xcb\xe0\x74\xb7\x4e"
    "\x6d\x87\x6d\x8c\x88\x04\x84\x6c\x6f\x14\xed\x69\x2b\x92"
    "\x1d\x03\x24\x77\x22\xb0\x45\x52\x41\x57\xd6\x3e\xa8\xf2"
    "\x5e\xa4\xb4")
I want to be able to give it a file and have it formatted as above.
You can do this with one of Python's built-in routines. The following assumes that data
contains the (binary) contents of the .exe file.
import binascii

def pairwise(iterable):
    "s -> (s0,s1), (s2,s3), (s4, s5), ..."
    a = iter(iterable)
    return zip(a, a)

# hexlify() returns bytes on Python 3, so decode it first: otherwise the pairs
# are integers and pair[0]+pair[1] would add them instead of concatenating.
# The prefix must be the raw string r'\x'; a bare '\x' is an invalid escape.
hex_encoded = r'\x' + r'\x'.join(pair[0] + pair[1]
                                 for pair in pairwise(binascii.hexlify(data).decode('ascii')))
print('data length: {}'.format(len(data)))
print('hex_encoded length: {}, "{}"'.format(len(hex_encoded), hex_encoded))
Output:
data length: 227
hex_encoded length: 908, "..."
Using base64 encoding would be more compact and efficient, though:
import base64

# b64encode() returns bytes on Python 3; decode so the printed value has no b'' wrapper
base64_encoded = base64.b64encode(data).decode('ascii')
print('base64_encoded length: {}, "{}"'.format(len(base64_encoded), base64_encoded))
Output:
base64_encoded length: 304, "28PZdCT0vuhaJxNfMcmxMzF3F4PHBAOfScXmo4aACVtX84C+ZiH2y9v1fJnXftAJY/L9PsS523HVD+TdFRGYH0rxodCf8OYMb6C/W8JVyxnfVBsWXy8e6BSFITiEkmqgrv1K0WMetpgI1Uwb2SesKiXrk4Oo9dQjU4AuUO6T9Cs0EemLv4HJKhNXmSDYE8Uk3/B9UFT3UdEu3HW69X0vZluBL84EJzv8UVFmaqfTHNOn6x5zwNqVHJfif1lnqSLL4HS3Tm2HbYyIBIRsbxTtaSuSHQMkdyKwRVJBV9Y+qPJepLQ="
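The complete tool the question asks for, in Python 3, as an added example that is not part of the question or the answer above: to_bytearray_literal() renders arbitrary bytes in the exact 14-bytes-per-line "\xNN" layout of the calculator listing in the question, from_hex_escaped() parses such a literal back into bytes, encoded_sizes() reproduces the hex-versus-base64 size comparison the answer makes, and dump_file() is the file-reading wrapper with a round-trip check. The function names, the 14-byte line width and the embedded sample (the first 23 bytes of the payload quoted in the question, constructed here so the example runs without a file) are my choices.

```python
import base64
import re

# Constructed sample input: the first 23 bytes of the calculator payload quoted
# in the question, embedded so the example runs without reading a file.
SAMPLE = bytes.fromhex("dbc3d97424f4bee85a27135f31c9" "b13331771783c70403")


def to_hex_escaped(data, width=14):
    """Render bytes as Python string-literal lines of \\xNN escapes,
    `width` bytes per line (14 matches the layout in the question)."""
    data = bytearray(data)              # iterating a bytearray yields ints
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        lines.append('"' + "".join("\\x%02x" % b for b in chunk) + '"')
    return lines


def to_bytearray_literal(data, name="shellcode", width=14):
    """Wrap the escaped lines in `name = bytearray(...)` like the question's listing."""
    lines = to_hex_escaped(data, width)
    body = "\n".join("    " + line for line in lines)
    return "%s = bytearray(\n%s)" % (name, body)


def from_hex_escaped(text):
    """Inverse: collect every \\xNN escape in `text` and rebuild the bytes.
    Used to verify the generated literal round-trips before it is used;
    a single dropped backslash (as in the question's own pasted listing)
    silently corrupts the payload, and this check catches it."""
    digits = "".join(re.findall(r"\\x([0-9a-fA-F]{2})", text))
    return bytes.fromhex(digits)


def encoded_sizes(data):
    """Compare the two encodings the answer discusses: 4 characters per byte
    for \\xNN escapes versus 4 characters per 3 bytes for base64."""
    literal = "".join(to_hex_escaped(data, width=len(data) or 1))
    return {"raw": len(data),
            "hex_escaped": len(literal) - 2,   # drop the two quote characters
            "base64": len(base64.b64encode(data))}


def dump_file(path, name="shellcode", width=14):
    """Read a file and return its bytearray literal; raises if the literal
    does not decode back to the original bytes."""
    with open(path, "rb") as f:
        data = f.read()
    literal = to_bytearray_literal(data, name, width)
    if from_hex_escaped(literal) != data:
        raise ValueError("round-trip mismatch for %s" % path)
    return literal


if __name__ == "__main__":
    print(to_bytearray_literal(SAMPLE))
    assert from_hex_escaped(to_bytearray_literal(SAMPLE)) == SAMPLE
    print(encoded_sizes(SAMPLE))
```

For a real file, call dump_file("path/to/input.exe") and paste the returned text into the loader script; the round-trip check inside it is the part worth keeping, since a payload that lost one escape sequence on the way through a clipboard or a web form will not fail loudly, it will just run the wrong bytes.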