Stress Testing

drinkme – Shellcode Testing Harness

Posted on

drinkme is a shellcode test harness. It reads shellcode from stdin and executes it. This allows pentesters to quickly test their payloads before deployment.
Formats
drinkme can handle shellcode in the following formats:

  • “0x##”
  • “x##”
  • “x##”
  • “##”

For example, NOP could be represented as any of “0x90”, “x90”, “x90”, or “90”.
When processing the input drinkme will ignore any of the following:

  • C and C++ style comments.
  • All whitespace.
  • Any characters from the set [”,;].

Examples
write(STDOUT_FILENO, “Hello world!n”, strlen(“Hello world!n”))

[email protected]:~$ cat hello_world.x86_64 
xebx1dx5ex48x31xc0xb0x01x48x31xffx40xb7x01x48x31xd2xb2x0dx0fx05x48x31xc0xb0x3cx48x31xffx0fx05xe8xdexffxffxffx48x65x6cx6cx6fx20x77x6fx72x6cx64x21x0a

[email protected]:~$ cat hello_world.x86_64 | drinkme
Hello world!

execve(“/bin/sh”)

[email protected]:~$ cat execve_bin_sh.x86_64 
    "x48x31xd2"                                  // xor    %rdx, %rdx
    "x48xbbx2fx2fx62x69x6ex2fx73x68"      // mov $0x68732f6e69622f2f, %rbx
    "x48xc1xebx08"                              // shr    $0x8, %rbx
    "x53"                                          // push   %rbx
    "x48x89xe7"                                  // mov    %rsp, %rdi
    "x50"                                          // push   %rax
    "x57"                                          // push   %rdi
    "x48x89xe6"                                  // mov    %rsp, %rsi
    "xb0x3b"                                      // mov    $0x3b, %al
    "x0fx05";                                     // syscall

[email protected]:~$ echo $$
3880

[email protected]:~$ cat execve_bin_sh.x86_64 | drinkme

$ echo $$
18613

msfvenom to exec “/usr/bin/id”

[email protected]:~# msfvenom --arch x86_64 --platform linux -f hex -p linux/x64/exec CMD=/usr/bin/id 
No encoder or badchars specified, outputting raw payload
Payload size: 51 bytes
Final size of hex file: 102 bytes
6a3b589948bb2f62696e2f736800534889e7682d6300004889e652e80c0000002f7573722f62696e2f69640056574889e60f05

[email protected]:~# msfvenom --arch x86_64 --platform linux -f hex -p linux/x64/exec CMD=/usr/bin/id | drinkme 
No encoder or badchars specified, outputting raw payload
Payload size: 51 bytes
Final size of hex file: 102 bytes

uid=0(root) gid=0(root) groups=0(root)

Usage

usage:    drinkme [-p] [-h]
           -p  Print the formatted shellcode. Don't execute it.
           -h  Print this help message.

Example:  cat hello_world.x86_64 | drinkme
Related Items:, , , ,

Recommended for you

To Top

Pin It on Pinterest

Share This