{"id":19075245,"url":"https://github.com/0xvpr/vpr-shell-shock","last_synced_at":"2025-09-07T17:31:41.441Z","repository":{"id":119531173,"uuid":"584928128","full_name":"0xvpr/vpr-shell-shock","owner":"0xvpr","description":"A C99/C++17 compatible header only library capable of creating position independent shellcode.","archived":false,"fork":false,"pushed_at":"2025-03-10T00:25:18.000Z","size":614,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-08T06:11:47.126Z","etag":null,"topics":["binary","exploit-development","header-only","header-only-library","pe32","pe32plus","position-independent-code","shellcode","shellcode-development","windows"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xvpr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-03T21:59:03.000Z","updated_at":"2025-03-10T00:25:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"49d2013c-8582-4d1d-9065-9830d43da5b8","html_url":"https://github.com/0xvpr/vpr-shell-shock","commit_stats":null,"previous_names":[],"tags_count":0,"template":true,"template_full_name":null,"purl":"pkg:github/0xvpr/vpr-shell-shock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-shell-shock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-shell-shock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-shell-shock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-shell-shock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xvpr","download_url":"https://codeload.github.com/0xvpr/vpr-shell-shock/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-shell-shock/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274068087,"owners_count":25216845,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-07T02:00:09.463Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary","exploit-development","header-only","header-only-library","pe32","pe32plus","position-independent-code","shellcode","shellcode-development","windows"],"created_at":"2024-11-09T01:54:07.271Z","updated_at":"2025-09-07T17:31:41.416Z","avatar_url":"https://github.com/0xvpr.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eshell-shock\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Windows--x86__64-supported-green\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Windows--x86-supported-green\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Linux--x86__64-unsupported-red\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Linux--x86-unsupported-red\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/MSVC-supported-green\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/MinGW-supported-green\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/clang-supported-green\"\u003e\n  \u003ca href=\"https://mit-license.org/\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/0xvpr/vpr-shell-shock?style=flat-square\"\u003e\n  \u003c/a\u003e\n  \u003cbr\u003e\n  \u003ch3 align=\"center\"\u003eInspired by: Dark VortEx from bruteratel.com\u003c/h3\u003e\n  \u003cbr\u003e\n\u003c/p\u003e\n\n## How to use\nOne way to use the shellshock.h header is to:\n- Create a 'Shellshock' object\n- Resolve functions that you intend to use with the 'load_' member functions\n- Utilize a singular function and make sure that all variables are created  \n  on the stack\n\nOnce something like this is achieved, you can compile the binary to an object  \nfile and dump the `.text` section out to a whatever you like. That dump **should**  \nbe position independent.\n\n## Integration Using CMake\n### System-wide installation\n```bash\ngit clone https://github.com/0xvpr/vpr-shell-shock.git\ncd vpr-shell-shock\ncmake -DCMAKE_INSTALL_PREFIX=/your/desired/path/ -B build\ncmake --install build\n```\n\n### Local installation (fetch directly from github)\n```cmake\n#set( CMAKE_C_STANDARD   99 ) # at least c99 if using c\n#set( CMAKE_CXX_STANDARD 17 ) # at least c++17 if using cpp\n\ninclude(FetchContent)\nFetchContent_Declare(\n  vpr-shell-shock\n  GIT_REPOSITORY https://github.com/0xvpr/vpr-shell-shock.git\n  GIT_TAG main  # Or use a specific version tag like \"v1.0.0\"\n)\nFetchContent_MakeAvailable(vpr-shell-shock)\n\nadd_executable(app main.cpp)\ntarget_link_libraries(app PRIVATE vpr-shell-shock::shell-shock)\n```\n\n### Quick Example\n```cpp\n#include \"vpr/shellshock.h\"\n\ntypedef int (WINAPI * MessageBoxA_t)(HWND, LPCSTR, LPCSTR, UINT);\n\nextern \"C\" int payload_cpp(void) {\n    auto ss = vpr::ss::shellshock();\n\n    // Load target function into a temporary variable.\n    char szMessageBoxA[] = \"MessageBoxA\";\n    auto fMessageBoxA = ss.find_user32_func\u003cMessageBoxA_t\u003e(szMessageBoxA);\n    \n    // Perform function call\n    char szTitle[] = \"Shellshock\";\n    char szMessage[] = \"Success.\";\n    fMessageBoxA \u0026\u0026 fMessageBoxA(nullptr, szMessage, szTitle, 0);\n\n    return 0;\n}\n```\n\nIf you are using MinGW and you want the payload to be immediately exported to a file,  \nyou can do the following:\n```cpp\n// Payload that will be exported to shellcode\nextern \"C\" auto payload() noexcept -\u003e void { (...) }\n// Immediately after the function ends\nvoid stub() {\n    return;\n}\n\nint main() {\n    auto pd = ss::payload_data::build_from_payload(payload, stub);\n    pd.extract_to_file(\"shellcode.bin\");\n}\n```\n\n### Compilation\nCompiling this code to an executable **should** export the code to the specified  \nfile location.\n\nCompiling this code to an object **should** mean that the `payload` function of  \nthe `.text` section is out new position independent executable.\n\nNOTE: Compilation may fail if position-independent-code is not enabled AND/OR if function sections are enabled.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xvpr%2Fvpr-shell-shock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xvpr%2Fvpr-shell-shock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xvpr%2Fvpr-shell-shock/lists"}