rs-shellcode

A shellcode runner write in Rust.

how to use it

Install rustup.

rustup default

Use msfvenom generate shellcode for test.

msfvenom -p windows/x64/exec CMD=calc.exe  --platform win -f raw -o calc64.raw

XOR obfuscated payload.

msfvenom --platform windows --arch x64  -p windows/x64/exec CMD=calc.exe -f raw --encrypt xor --encrypt-key "\x55"

XOR obfuscated payload for linux.

msfvenom --platform linux --arch x64  -p linux/x64/exec  -f raw --encrypt xor --encrypt-key "\x55"

Build:

cargo build --release

On linux using cross:

cross build -r --target=x86_64-pc-windows-gnu

Usage:

Usage: rs_shellcode [OPTIONS] --file <file>

Options:
  -f, --file <file>      shellcode path
  -b, --breakpoint       set breakpoint in debugger
  -o, --offset <offset>  shellcode offset
  -x, --xor <xor>        deobfuscate with XOR encoding
  -s, --stealth          removes shell code and itself
  -h, --help             Print help
  -V, --version          Print version

Run:

./target/debug/rs_shellcode.exe -f <SHELLCODE_PATH>

When your shellcode not start at offset 0, you can specify the offset use -o:

./target/debug/rs_shellcode.exe -f <SHELLCODE_PATH> -o 0x30

Run with breakpoint flag (-b):

./target/debug/rs_shellcode.exe -f <SHELLCODE_PATH> -b

use this flag, you can break just before your shellcode in the debugger, which will make your life easier.