drinkme can handle shellcode in the following formats:
- “0x##”
- “x##”
- “x##”
- “##”
For example, NOP could be represented as any of “0x90”, “x90”, “x90”, or “90”.
When processing the input drinkme will ignore any of the following:
- C and C++ style comments.
- All whitespace.
- Any characters from the set [”,;].
Examples
write(STDOUT_FILENO, “Hello world!n”, strlen(“Hello world!n”))
[email protected]:~$ cat hello_world.x86_64
xebx1dx5ex48x31xc0xb0x01x48x31xffx40xb7x01x48x31xd2xb2x0dx0fx05x48x31xc0xb0x3cx48x31xffx0fx05xe8xdexffxffxffx48x65x6cx6cx6fx20x77x6fx72x6cx64x21x0a
[email protected]:~$ cat hello_world.x86_64 | drinkme
Hello world!
execve(“/bin/sh”)
[email protected]:~$ cat execve_bin_sh.x86_64
"x48x31xd2" // xor %rdx, %rdx
"x48xbbx2fx2fx62x69x6ex2fx73x68" // mov $0x68732f6e69622f2f, %rbx
"x48xc1xebx08" // shr $0x8, %rbx
"x53" // push %rbx
"x48x89xe7" // mov %rsp, %rdi
"x50" // push %rax
"x57" // push %rdi
"x48x89xe6" // mov %rsp, %rsi
"xb0x3b" // mov $0x3b, %al
"x0fx05"; // syscall
[email protected]:~$ echo $$
3880
[email protected]:~$ cat execve_bin_sh.x86_64 | drinkme
$ echo $$
18613
msfvenom to exec “/usr/bin/id”
[email protected]:~# msfvenom --arch x86_64 --platform linux -f hex -p linux/x64/exec CMD=/usr/bin/id
No encoder or badchars specified, outputting raw payload
Payload size: 51 bytes
Final size of hex file: 102 bytes
6a3b589948bb2f62696e2f736800534889e7682d6300004889e652e80c0000002f7573722f62696e2f69640056574889e60f05
[email protected]:~# msfvenom --arch x86_64 --platform linux -f hex -p linux/x64/exec CMD=/usr/bin/id | drinkme
No encoder or badchars specified, outputting raw payload
Payload size: 51 bytes
Final size of hex file: 102 bytes
uid=0(root) gid=0(root) groups=0(root)
Usage
usage: drinkme [-p] [-h]
-p Print the formatted shellcode. Don't execute it.
-h Print this help message.
Example: cat hello_world.x86_64 | drinkme