Position-Independent Code / Shellcode
Compile runner with nasm & MinGW (stolen from PIC-Get-Privileges) for testing purposes:
Automated with Bash (like shcode2exe):
Last updated
; Compile with:
; nasm -f win64 runShellcode.asm -o runShellcode.o
; x86_64-w64-mingw32-ld runShellcode.o -o runShellcode.exe
Global Start
Start:
incbin "shellcode.bin"#!/usr/bin/env bash
# Usage:
# bin2compile.sh {32|64} <INPUT_BIN> [OUTPUT_EXE]
# Examples:
# msfvenom -p windows/x64/exec CMD=calc.exe -f raw -o calc.bin
# bin2compile.sh 64 calc.bin calc.exe
ARCH="${1}"
SC_PATH=`realpath "${2}"`
SC_NAME=`basename "${SC_PATH}"`
SC_NAME="${SC_NAME%.*}"
[[ "${#}" -gt 2 ]] && EXE_NAME="${3}" || EXE_NAME="${SC_NAME}.exe"
cat << EOT > "/tmp/${SC_NAME}.asm"
global _start
section .text
_start:
incbin "${SC_PATH}"
EOT
if [[ "${ARCH}" == "32" ]]; then
NASM_ARCH="win32"
LD_ARCH="i386pe"
elif [[ "${ARCH}" == "64" ]]; then
NASM_ARCH="win64"
LD_ARCH="i386pep"
fi
echo "[*] Compiling x${ARCH}"
echo "[*] Compilation time: `date "+%F %H:%M:%S"`"
nasm -f "${NASM_ARCH}" -o "/tmp/${SC_NAME}.obj" "/tmp/${SC_NAME}.asm"
ld -m "${LD_ARCH}" -o "${EXE_NAME}" "/tmp/${SC_NAME}.obj" #-s --subsystem=windows
#strip "${EXE_NAME}"
if [[ "$?" -ne 1 ]]; then
echo "[+] Success"
echo "[+] Output size: `stat -c %s ${EXE_NAME} | numfmt --to=iec`"
else
echo "[-] Failed"
fi
rm -f /tmp/${SC_NAME}.{asm,obj}