hexadecimal string to python variable with xxd and msfvenom
November 23, 2019โข233 words
Given an hexadecimal string as following:
$ cat hexstring 0c571e88ab7625cd4e231458c2b59fbd88bd63bd723bdb180f422d3a3f93 07a47fe1409830adf499b2e17d728561f807888d72254ef380377dd7e552 9ef03e48034fdd319b8d85d33b034ce165f3ac8a83032bba85335e25cf6c e199037271b7eb17a31d5671730a3fdcddfbbba9e2c89af2a7dd6d08fbca 33b6ade536ba3696
There is a easy way to transform it to a python variable (or other msfvenom supported format) following this simple steps:
- Transform to binary form using
xxd
$ cat hexstring | xxd -r -p > binary $ xxd binary 00000000: 0c57 1e88 ab76 25cd 4e23 1458 c2b5 9fbd .W...v%.N#.X.... 00000010: 88bd 63bd 723b db18 0f42 2d3a 3f93 07a4 ..c.r;...B-:?... 00000020: 7fe1 4098 30ad f499 b2e1 7d72 8561 f807 ..@.0.....}r.a.. 00000030: 888d 7225 4ef3 8037 7dd7 e552 9ef0 3e48 ..r%N..7}..R..>H 00000040: 034f dd31 9b8d 85d3 3b03 4ce1 65f3 ac8a .O.1....;.L.e... 00000050: 8303 2bba 8533 5e25 cf6c e199 0372 71b7 ..+..3^%.l...rq. 00000060: eb17 a31d 5671 730a 3fdc ddfb bba9 e2c8 ....Vqs.?....... 00000070: 9af2 a7dd 6d08 fbca 33b6 ade5 36ba 3696 ....m...3...6.6.
2. Use msfvenom generic/payload payload to transform it to a python representation
msfvenom -p generic/custom PAYLOADFILE=binary -f python [-] No platform was selected, choosing Msf::Module::Platform from the payload [-] No arch selected, selecting arch: x86 from the payload No encoder or badchars specified, outputting raw payload Payload size: 128 bytes Final size of python file: 622 bytes buf = "" buf += "\x0c\x57\x1e\x88\xab\x76\x25\xcd\x4e\x23\x14\x58\xc2" buf += "\xb5\x9f\xbd\x88\xbd\x63\xbd\x72\x3b\xdb\x18\x0f\x42" buf += "\x2d\x3a\x3f\x93\x07\xa4\x7f\xe1\x40\x98\x30\xad\xf4" buf += "\x99\xb2\xe1\x7d\x72\x85\x61\xf8\x07\x88\x8d\x72\x25" buf += "\x4e\xf3\x80\x37\x7d\xd7\xe5\x52\x9e\xf0\x3e\x48\x03" buf += "\x4f\xdd\x31\x9b\x8d\x85\xd3\x3b\x03\x4c\xe1\x65\xf3" buf += "\xac\x8a\x83\x03\x2b\xba\x85\x33\x5e\x25\xcf\x6c\xe1" buf += "\x99\x03\x72\x71\xb7\xeb\x17\xa3\x1d\x56\x71\x73\x0a" buf += "\x3f\xdc\xdd\xfb\xbb\xa9\xe2\xc8\x9a\xf2\xa7\xdd\x6d" buf += "\x08\xfb\xca\x33\xb6\xad\xe5\x36\xba\x36\x96"
That's it! Now it is ready for use in your pyhton exploit. :-)