The actual version of OWASP ZSC (1.1.0) provides conversion to Linux, Windows and OSX Shellcode. We expect to extend the capabilities of modules such as Windows and OSX in the future.
zsc command , you are able to enter the software [or run python zsc.py if you don’t want install it],
help to obtain the menu:
To generate shellcode , you must type
shellcode and then press enter, after that, you can see what’s available in
download choices in here which use for
generate shellcodes ,
download shellcode from shellstorm.
To generate a shellcode, type
generate and press enter, after that with a
tab key, you can have list of operation systems available in there. (As explained before, only Linux_x86 is available)
tab key again, functions will be shown for you in this step [ such as
etc]. choose your function by writing the name
example: exec and press enter.
In the next section you have to fill the argv of the function which exec() function have one
example: exec("/bin/bash"), all you need in this section is pressing a
tab and then
enter key, software will automatically ask you for function argv. Fill them and next section software will ask you for shellcode type which can be
none or choose one of listed encoding types. After entering that, your shellcode is ready!
There is also the alternative to obtain payloads with reliable shellcode using Shell-Storm API.
Every shellcode generation option has the possibility to generate assembly code, shellcode and an executable file in C language that includes the shellcode
Output assembly code?(y or n)> Output shellcode to screen?(y or n)> Shellcode output to a .c file?(y or n)>