BufferOverflow-Kit

We collect many tools used in buffer overflow development in one place; repeating with a new idea is not a shame (thanks, China :)). If you are a buffer overflow guy, you may like to contribute and develop with us: ALL your tools in ONE place.

What does BufferOverflow Kit contain?

  • Command-line based.
  • pattern create (like the Metasploit pattern_create script)
  • pattern offset (like the Metasploit pattern_offset script)
  • Hex to little-endian characters (ex. \x41\x42\x43\x44 to \x44\x43\x42\x41)
  • Convert hex shellcode to a binary file
  • Convert a binary file to raw hex
  • Find jmp, call and pop pop ret addresses in (exe, dll) files (like msfpescan)
  • and more will be added.

How to use?

Make sure Ruby is installed. Tested on Ruby 1.9.3 only.

Required gems

gem install colorize

Help

Usage: ruby bofk-cli.rb {OPTIONS} ARGUMENT

Help menu:
	-c, --pattern-create LENGTH      Create Unique pattern string.
	-o, --pattern-offset OFFSET      Find Pattern offset string.
	-l, --pattern-length LENGTH      Only used with 'pattern-offset' if pattern was longer than 20280.
	-e, --hex2lend OPCODE            Convert Hex to little endian characters.
	-b, --hex2bin                    Convert Hex shellcode to binary file.
	-x, --bin2hex BINARY_FILE        Convert binary shellcode to Hex string.
	-t, --type TYPE                  Used with 'bin2hex' & 'pattern-create'. Types: ruby, perl, python, c.
	-v, --version                    Display Buffer Overflow Kit version.
	-u, --update                     Update Buffer Overflow Kit.
	-h, --help                       Display help screen

External tools - bin/
[-] hex2bin.rb   Hex to Binary file - BoFkit.
[-] nasm.exe     Assembler and disassembler.
[-] mona.py      Immunity debugger plugin - Corelan team.

Examples:
ruby bofk-cli.rb --pattern-create 500
ruby bofk-cli.rb --pattern-offset Aa4Z
ruby bofk-cli.rb --pattern-offset Zu2Z --pattern-length 40000
ruby bofk-cli.rb --hex2lend 0x41F2E377
ruby bofk-cli.rb --hex2bin
ruby bofk-cli.rb --bin2hex input.bin

Pattern create without output format

bofk-cli.rb --pattern-create 400
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2A

Support output format (Available formats: Ruby, Perl, Python, C)

bofk-cli.rb --pattern-create 200 --type perl

"Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A" .
"d3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag" .
"6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9" .
"Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2A";

Pattern offset

ruby bofk-cli.rb --pattern-offset GAa0
27

Convert to little endian

ruby bofk-cli.rb -e \x41\x42\x43\x44
\x44\x43\x42\x41
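The three operations shown above (pattern create, pattern offset and hex2lend) are simple enough to reimplement; the following is an added example of the technique, not code from BufferOverflow-Kit itself, and the function names are mine. It also handles the two cases the kit's help text hints at: patterns longer than the 20280-byte period, and a crash value copied from a register, which is little-endian and so must be matched in reversed byte order.

```ruby
# Added example, not the kit's own code: the cyclic-pattern technique behind
# --pattern-create / --pattern-offset, and the byte reversal behind --hex2lend.
# Each position is (upper, lower, digit), so the pattern is unique for
# 26 * 26 * 10 * 3 = 20280 bytes and then repeats; that is the limit the
# --pattern-length option refers to. Function names here are mine.

UPPER  = ('A'..'Z').to_a
LOWER  = ('a'..'z').to_a
DIGIT  = ('0'..'9').to_a
PERIOD = UPPER.size * LOWER.size * DIGIT.size * 3 # 20280

# Return exactly +length+ bytes of pattern; longer requests wrap around.
def pattern_create(length)
  out = +''
  UPPER.cycle do |u|
    LOWER.each do |l|
      DIGIT.each do |d|
        out << u << l << d
        return out[0, length] if out.size >= length
      end
    end
  end
end

# "0x41424344" or "\x41\x42\x43\x44" -> the raw 4 bytes, in the order written.
def hex_to_bytes(hex)
  digits = hex.start_with?('0x') ? hex[2..-1] : hex.scan(/\\x(\h\h)/).flatten.join
  [digits].pack('H*')
end

# Offset of +query+ in a pattern of +length+ bytes, or nil if absent.
# A crash value copied from a register (pass it as 0x........) is
# little-endian, so the reversed byte order is tried as well; that is the
# order that normally hits.
def pattern_offset(query, length = PERIOD)
  pattern = pattern_create(length).b
  needle  = query.start_with?('0x') ? hex_to_bytes(query) : query.b
  [needle, needle.reverse].map { |n| pattern.index(n) }.compact.first
end

# --hex2lend: reverse the byte order and print as \xNN escapes.
def hex2lend(hex)
  hex_to_bytes(hex).reverse.bytes.map { |b| format('\\x%02x', b) }.join
end
```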

Convert binary file to hex string without output format

ruby bofk-cli.rb --bin2hex out.bin

# Outputs
\xdb\xc1\xbe\x8e\x0c\xae\x5a\xd9\x74\x24\xf4\x5f\x33\xc9\xb1\x56\x83\xc7\x04\x31\x77\x14\x03\x77\x9a\xee\x5b\xa6\x4a\x67\xa3\x57\x8a\x18\x2d\xb2\xbb\x0a\x49\xb6\xe9\x9a\x19\x9a\x01\x50\x4f\x0f\x92\x14\x58\x20\x13\x92\xbe\x0f\xa4\x12\x7f\xc3\x66\x34\x03\x1e\xba\x96\x3a\xd1\xcf\xd7\x7b\x0c\x3f\x85\xd4\x5a\xed\x3a\x50\x1e\x2d\x3a\xb6\x14\x0d\x44\xb3\xeb\xf9\xfe\xba\x3b\x51\x74\xf4\xa3\xda\xd2\x25\xd5\x0f\x01\x19\x9c\x24\xf2\xe9\x1f\xec\xca\x12\x2e\xd0\x81\x2c\x9e\xdd\xd8\x69\x19\x3d\xaf\x81\x59\xc0\xa8\x51\x23\x1e\x3c\x44\x83\xd5\xe6\xac\x35\x3a\x70\x26\x39\xf7\xf6\x60\x5e\x06\xda\x1a\x5a\x83\xdd\xcc\xea\xd7\xf9\xc8\xb7\x8c\x60\x48\x12\x63\x9c\x8a\xfa\xdc\x38\xc0\xe9\x09\x3a\x8b\x65\xfe\x71\x34\x76\x68\x01\x47\x44\x37\xb9\xcf\xe4\xb0\x67\x17\x0a\xeb\xd0\x87\xf5\x13\x21\x81\x31\x47\x71\xb9\x90\xe7\x1a\x39\x1c\x32\x8c\x69\xb2\xec\x6d\xda\x72\x5c\x06\x30\x7d\x83\x36\x3b\x57\xb2\x70\xf5\x83\x97\x16\xf4\x33\x02\x54\x71\xd5\x46\x8a\xd4\x4d\xfe\x68\x03\x46\x99\x93\x61\xfa\x32\x04\x3d\x14\x84\x2b\xbe\x32\xa7\x80\x16\xd5\x33\xcb\xa2\xc4\x44\xc6\x82\x8f\x7d\x81\x59\xfe\xcc\x33\x5d\x2b\xa6\xd0\xcc\xb0\x36\x9e\xec\x6e\x61\xf7\xc3\x66\xe7\xe5\x7a\xd1\x15\xf4\x1b\x1a\x9d\x23\xd8\xa5\x1c\xa1\x64\x82\x0e\x7f\x64\x8e\x7a\x2f\x33\x58\xd4\x89\xed\x2a\x8e\x43\x41\xe5\x46\x15\xa9\x36\x10\x1a\xe4\xc0\xfc\xab\x51\x95\x03\x03\x36\x11\x7c\x79\xa6\xde\x57\x39\xd6\x94\xf5\x68\x7f\x71\x6c\x29\xe2\x82\x5b\x6e\x1b\x01\x69\x0f\xd8\x19\x18\x0a\xa4\x9d\xf1\x66\xb5\x4b\xf5\xd5\xb6\x59

Support output format (Available formats: Ruby, Perl, Python, C)

ruby bofk-cli.rb --bin2hex out.bin --type ruby

# Outputs the same bytes as a double-quoted Ruby string, split across lines and joined with +

Convert hex shellcode to binary file

You can paste shellcode in any of the supported formats (Ruby, Perl, Python, C)

ruby bofk-cli.rb --hex2bin

# Outputs
[+] Paste your shellcode then press ctrl+x

[+] Hex string has been saved in file name: .shellcode.txt

[+] Binary file name:  shellcode
[+] Binary file size:  368 bytes.
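The bin2hex and hex2bin directions above are one round trip: format raw bytes as escaped \xNN strings in a chosen language, and recover the bytes from a pasted string in any of those languages. The block below is an added example of that round trip, not the kit's own code; the exact line layout per language is my choice (15 bytes per line, as in the kit's sample Ruby output), and the function names are mine.

```ruby
# Added example, not BufferOverflow-Kit source. shellcode_to_hex plays the
# role of --bin2hex (with or without --type); hex_to_shellcode plays the role
# of --hex2bin and accepts any of the four pasted formats, because it only
# looks at \xNN escapes and ignores quotes, '+', '.', ';' and declarations.

BYTES_PER_LINE = 15 # matches the kit's sample Ruby output

# Raw bytes -> escaped hex string, optionally wrapped as ruby/perl/python/c.
def shellcode_to_hex(bytes, type = nil)
  escaped = bytes.each_byte.map { |b| format('\\x%02x', b) }
  return escaped.join if type.nil? # plain form, as --bin2hex without --type
  lines = escaped.each_slice(BYTES_PER_LINE).map { |s| %("#{s.join}") }
  case type
  when 'ruby'   then lines.join(" +\n")
  when 'perl'   then lines.join(" .\n") + ';'
  when 'python' then (['buf = b""'] + lines.map { |l| "buf += b#{l}" }).join("\n")
  when 'c'      then "unsigned char buf[] =\n" + lines.join("\n") + ';'
  else raise ArgumentError, "unknown type #{type}"
  end
end

# Pasted text in any supported format -> raw bytes (binary-encoded String).
def hex_to_shellcode(text)
  hex = text.scan(/\\x(\h\h)/i).flatten.join
  raise ArgumentError, 'no \xNN escapes found' if hex.empty?
  [hex].pack('H*')
end
```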