pwnlib.encoders — Encoding Shellcode

Encode shellcode to avoid input filtering and impress your friends!

pwnlib.encoders.encoder.alphanumeric(raw_bytes) → str[source]

Encode the shellcode raw_bytes such that it does not contain any bytes except for [A-Za-z0-9].

Accepts the same arguments as encode().

pwnlib.encoders.encoder.encode(raw_bytes, avoid, expr, force) → str[source]

Encode shellcode raw_bytes such that it does not contain any bytes in avoid or expr.

Parameters:
  • raw_bytes (str) – Sequence of shellcode bytes to encode.
  • avoid (str) – Bytes to avoid
  • expr (str) – Regular expression which matches bad characters.
  • force (bool) – Force re-encoding of the shellcode, even if it doesn’t contain any bytes in avoid.
pwnlib.encoders.encoder.line(raw_bytes) → str[source]

Encode the shellcode raw_bytes such that it does not contain any NULL bytes or whitespace.

Accepts the same arguments as encode().

pwnlib.encoders.encoder.null(raw_bytes) → str[source]

Encode the shellcode raw_bytes such that it does not contain any NULL bytes.

Accepts the same arguments as encode().

pwnlib.encoders.encoder.printable(raw_bytes) → str[source]

Encode the shellcode raw_bytes such that it only contains non-space printable bytes.

Accepts the same arguments as encode().

pwnlib.encoders.encoder.scramble(raw_bytes) → str[source]

Encodes the input data with a random encoder.

Accepts the same arguments as encode().

class pwnlib.encoders.i386.xor.i386XorEncoder[source]

Generates an XOR decoder for i386.

>>> context.clear(arch='i386')
>>> shellcode = asm(shellcraft.sh())
>>> avoid = '/bin/sh\xcc\xcd\x80'
>>> encoded = pwnlib.encoders.i386.xor.encode(shellcode, avoid)
>>> assert not any(c in encoded for c in avoid)
>>> p = run_shellcode(encoded)
>>> p.sendline('echo hello; exit')
>>> p.recvline()
'hello\n'

Shellcode encoder class

Implements an architecture-specific shellcode encoder