Ithesin Shellcoding Helper Tool

Here's a tool I did couple of years ago and thought it's time to publish it and maybe someone will take the time to extend or make it more portable.

Snipped out of the README:

Ithesin is a tool which should help you to create shellcodes
way faster and easier than converting all by hand.

You only need to provide the asm source file to Ithesin
and the tool will convert it directly to shellcode with or without encoding.

To compile it simply type make in the Ithesin folder:

ptdeb:~/Ithesin# make
cc -W -Wall -c ithesin.c -o ithesin.o
cc -W -Wall -c utils.c -o utils.o
cc -W -Wall -c print.c -o print.o
cc ithesin.o utils.o print.o  -o ithesin
ptdeb:~/Ithesin# 

Now Ithesin is build and you can take a loop at the options if you like:

ptdeb:~/Ithesin# ./ithesin
Usage: ./ithesin -f asm.o [options]
	-f	Filename
	-c	C output
	-p	Perl output
	-P	Python output
	-S	One Line output
	-d	Documented output (only available without encoding)
	-e	Encoding (1=xor, 2=add, 3=sub)
	-o	Offset to be used for encoding
	-t	Execute shellcode
	-v	Verify shellcode (strace)

There's an example included in the Ithesin folder called example.s, feel free to try it out and play with it:

ptdeb:~/Ithesin# gcc -c example.s 
ptdeb:~/Ithesin# ./ithesin -f example.o -c
[+] Generating Shellcode
[+] Checking for NULL bytes
[+] No NULL bytes found
char shellcode[] = 	"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"
			"\x50\x54\x53\x50\xb0\x3b\xcd\x80";

or with some nice asm documentation style:

ptdeb:~/Ithesin# ./ithesin -f example.o -c -d
[+] Generating Shellcode
[+] Checking for NULL bytes
[+] No NULL bytes found
char shellcode[]  = 
			"\x31\xc0"		/* xor    %eax,%eax */
			"\x50"			/* push   %eax */
			"\x68\x2f\x2f\x73\x68"	/* push   $0x68732f2f */
			"\x68\x2f\x62\x69\x6e"	/* push   $0x6e69622f */
			"\x89\xe3"		/* mov    %esp,%ebx */
			"\x50"			/* push   %eax */
			"\x54"			/* push   %esp */
			"\x53"			/* push   %ebx */
			"\x50"			/* push   %eax */
			"\xb0\x3b"		/* mov    $0x3b,%al */
			"\xcd\x80"		/* int    $0x80 */
			; /* EOF */

It's nothing life changing, but it helped in the earlier times :)
Maybe someone will like it as well and perhaps continue the project.
Ithesin.tar

© 2015 coma. All rights reserved.
Disclaimer: There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk.
In no event shall the author be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.