Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/phx/lilendian

A small program that simply returns escaped shell code in Little Endian format for whatever memory address you enter as the first argument.
https://github.com/phx/lilendian

Last synced: about 1 month ago
JSON representation

A small program that simply returns escaped shell code in Little Endian format for whatever memory address you enter as the first argument.

Host: GitHub
URL: https://github.com/phx/lilendian
Owner: phx
License: mit
Created: 2020-05-25T19:02:44.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2021-10-11T16:31:02.000Z (about 3 years ago)
Last Synced: 2024-11-16T07:15:39.308Z (about 2 months ago)
Language: Python
Size: 670 KB
Stars: 5
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

![lil endian](https://raw.githubusercontent.com/phx/lilendian/master/lilendian.png)

# lil endian

This program is comptaible with both Python 2 and 3.

It simply returns escaped shell code in Little Endian format for whatever memory address is submitted as the first argument.

It's smart enough to distinguish between addresses with an `0x` prefix and accounts for that.

If the address is only in the 64-bit range, you will only receive the 64-bit output.

If the address can fit in the x86_64 ranges, you will receive both 32 and 64-bit output.

## Install for python3 via PyPI:

`pip3 install lilendian`

## Install for python2 via setup.py:

`python setup.py install`

## Run in place:

`./lilendian [single memory address]`

### Examples

```
$ ./lilendian deadbeef
\xef\xbe\xad\xde
\xef\xbe\xad\xde\x00\x00\x00\x00

$ ./lilendian 0xdeadbeef
\xef\xbe\xad\xde
\xef\xbe\xad\xde\x00\x00\x00\x00

$ ./lilendian 0x00007fffffffd980
\x80\xd9\xff\xff\xff\x7f\x00\x00
```

### Shell script example snippet:

Let's say you wanted to get a piece of 64-bit shellcode for `0xdeadbeef + 0xbadcafe + 0xcafebabe + 0xabadbabe`.

```sh
for addr in {0xdeadbeef,0xbadcafe,0xcafebabe,0xabadbabe}; do
lilendian $addr | tail -1
done | tr -d "\n"; echo

Output:
\xef\xbe\xad\xde\x00\x00\x00\x00\xfe\xca\xad\x0b\x00\x00\x00\x00\xbe\xba\xfe\xca\x00\x00\x00\x00\xbe\xba\xad\xab\x00\x00\x00\x00
```

Copy and paste that guy straight into your payload.

### Calling from within `gdb`:

```
(gdb) ! lilendian 0xdeadbeef
\xef\xbe\xad\xde
\xef\xbe\xad\xde\x00\x00\x00\x00
```

### Future:

I might tweak it in the future to take multiple memory addresses, but as of right now, it only outputs a single memory address.

I have kept it short and simple to be easily scriptable, so I'll leave the rest up to you.