Generating Shellcode

The actual version of OWASP ZSC (1.1.0) provides conversion to Linux, Windows and OSX Shellcode. We expect to extend the capabilities of modules such as Windows and OSX in the future.

Via zsc command , you are able to enter the software [or run python zsc.py if you don’t want install it],

Enter help to obtain the menu:

To generate shellcode , you must type shellcode and then press enter, after that, you can see what’s available in shellcode section.

There is generate , search and download choices in here which use for generate shellcodes , search and download shellcode from shellstorm.

To generate a shellcode, type generate and press enter, after that with a tab key, you can have list of operation systems available in there. (As explained before, only Linux_x86 is available)

With pressing tab key again, functions will be shown for you in this step [ such as exec ,systm,write and etc]. choose your function by writing the name example: exec and press enter.

In the next section you have to fill the argv of the function which exec() function have one example: exec("/bin/bash"), all you need in this section is pressing a tab and then enter key, software will automatically ask you for function argv. Fill them and next section software will ask you for shellcode type which can be none or choose one of listed encoding types. After entering that, your shellcode is ready!

There is also the alternative to obtain payloads with reliable shellcode using Shell-Storm API.

Special Options

Every shellcode generation option has the possibility to generate assembly code, shellcode and an executable file in C language that includes the shellcode

Output assembly code?(y or n)> 
Output shellcode to screen?(y or n)> 
Shellcode output to a .c file?(y or n)>