Skip to content

emptymonkey/drinkme

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Makefile
 
 
README.md
 
 
drinkme.c
 
 
execve_bin_sh.x86_64
 
 
hello_world.i686
 
 
hello_world.x86_64
 
 
hello_world.x86_64.nopsled.10k
 
 
tests
 
 
drinkme Formats Examples Usage

README.md

drinkme

drinkme is a shellcode test harness. It reads shellcode from stdin and executes it. This allows pentesters to quickly test their payloads before deployment.

Formats

drinkme can handle shellcode in the following formats:

  • "0x##"
  • "\x##"
  • "x##"
  • "##"

For example, NOP could be represented as any of "0x90", "\x90", "x90", or "90".

When processing the input drinkme will ignore any of the following:

  • C and C++ style comments.
  • All whitespace.
  • Any characters from the set [\",;].

Examples

write(STDOUT_FILENO, "Hello world!\n", strlen("Hello world!\n"))

empty@monkey:~$ cat hello_world.x86_64 
\xeb\x1d\x5e\x48\x31\xc0\xb0\x01\x48\x31\xff\x40\xb7\x01\x48\x31\xd2\xb2\x0d\x0f\x05\x48\x31\xc0\xb0\x3c\x48\x31\xff\x0f\x05\xe8\xde\xff\xff\xff\x48\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x21\x0a

empty@monkey:~$ cat hello_world.x86_64 | drinkme
Hello world!

execve("/bin/sh")

empty@monkey:~$ cat execve_bin_sh.x86_64 
    "\x48\x31\xd2"                                  // xor    %rdx, %rdx
    "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68"      // mov	$0x68732f6e69622f2f, %rbx
    "\x48\xc1\xeb\x08"                              // shr    $0x8, %rbx
    "\x53"                                          // push   %rbx
    "\x48\x89\xe7"                                  // mov    %rsp, %rdi
    "\x50"                                          // push   %rax
    "\x57"                                          // push   %rdi
    "\x48\x89\xe6"                                  // mov    %rsp, %rsi
    "\xb0\x3b"                                      // mov    $0x3b, %al
    "\x0f\x05";                                     // syscall

empty@monkey:~$ echo $$
3880

empty@monkey:~$ cat execve_bin_sh.x86_64 | drinkme

$ echo $$
18613

msfvenom to exec "/usr/bin/id"

root@kali-amd64:~# msfvenom --arch x86_64 --platform linux -f hex -p linux/x64/exec CMD=/usr/bin/id 
No encoder or badchars specified, outputting raw payload
Payload size: 51 bytes
Final size of hex file: 102 bytes
6a3b589948bb2f62696e2f736800534889e7682d6300004889e652e80c0000002f7573722f62696e2f69640056574889e60f05

root@kali-amd64:~# msfvenom --arch x86_64 --platform linux -f hex -p linux/x64/exec CMD=/usr/bin/id | drinkme 
No encoder or badchars specified, outputting raw payload
Payload size: 51 bytes
Final size of hex file: 102 bytes

uid=0(root) gid=0(root) groups=0(root)

Usage

usage:    drinkme [-p] [-h]
           -p  Print the formatted shellcode. Don't execute it.
           -h  Print this help message.

Example:  cat hello_world.x86_64 | drinkme

About

A shellcode testing harness.

Resources

Readme

Stars

69 stars

Watchers

7 watching

Forks

25 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages