hexadecimal string to python variable with xxd and msfvenom

Given an hexadecimal string as following:

$ cat hexstring
0c571e88ab7625cd4e231458c2b59fbd88bd63bd723bdb180f422d3a3f93
07a47fe1409830adf499b2e17d728561f807888d72254ef380377dd7e552
9ef03e48034fdd319b8d85d33b034ce165f3ac8a83032bba85335e25cf6c
e199037271b7eb17a31d5671730a3fdcddfbbba9e2c89af2a7dd6d08fbca
33b6ade536ba3696

There is a easy way to transform it to a python variable (or other msfvenom supported format) following this simple steps:

  1. Transform to binary form using xxd
$ cat hexstring | xxd -r -p > binary
$ xxd binary 
00000000: 0c57 1e88 ab76 25cd 4e23 1458 c2b5 9fbd  .W...v%.N#.X....
00000010: 88bd 63bd 723b db18 0f42 2d3a 3f93 07a4  ..c.r;...B-:?...
00000020: 7fe1 4098 30ad f499 b2e1 7d72 8561 f807  ..@.0.....}r.a..
00000030: 888d 7225 4ef3 8037 7dd7 e552 9ef0 3e48  ..r%N..7}..R..>H
00000040: 034f dd31 9b8d 85d3 3b03 4ce1 65f3 ac8a  .O.1....;.L.e...
00000050: 8303 2bba 8533 5e25 cf6c e199 0372 71b7  ..+..3^%.l...rq.
00000060: eb17 a31d 5671 730a 3fdc ddfb bba9 e2c8  ....Vqs.?.......
00000070: 9af2 a7dd 6d08 fbca 33b6 ade5 36ba 3696  ....m...3...6.6.

2. Use msfvenom generic/payload payload to transform it to a python representation

msfvenom -p generic/custom PAYLOADFILE=binary -f python
[-] No platform was selected, choosing Msf::Module::Platform from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 128 bytes
Final size of python file: 622 bytes
buf =  ""
buf += "\x0c\x57\x1e\x88\xab\x76\x25\xcd\x4e\x23\x14\x58\xc2"
buf += "\xb5\x9f\xbd\x88\xbd\x63\xbd\x72\x3b\xdb\x18\x0f\x42"
buf += "\x2d\x3a\x3f\x93\x07\xa4\x7f\xe1\x40\x98\x30\xad\xf4"
buf += "\x99\xb2\xe1\x7d\x72\x85\x61\xf8\x07\x88\x8d\x72\x25"
buf += "\x4e\xf3\x80\x37\x7d\xd7\xe5\x52\x9e\xf0\x3e\x48\x03"
buf += "\x4f\xdd\x31\x9b\x8d\x85\xd3\x3b\x03\x4c\xe1\x65\xf3"
buf += "\xac\x8a\x83\x03\x2b\xba\x85\x33\x5e\x25\xcf\x6c\xe1"
buf += "\x99\x03\x72\x71\xb7\xeb\x17\xa3\x1d\x56\x71\x73\x0a"
buf += "\x3f\xdc\xdd\xfb\xbb\xa9\xe2\xc8\x9a\xf2\xa7\xdd\x6d"
buf += "\x08\xfb\xca\x33\xb6\xad\xe5\x36\xba\x36\x96"

That's it! Now it is ready for use in your pyhton exploit. :-)


More from csk