Quickly Modify Shellcode Formats
tl;dr: Quickly and easily convert your raw binary output from Cobalt Strike (or any other source) into a variety of shellcode formats with either script:
- Python - https://github.com/FortyNorthSecurity/RandomScripts/blob/main/Cobalt Scripts/shellcode_formatter.py
- PowerShell - https://github.com/FortyNorthSecurity/RandomScripts/blob/main/Cobalt Scripts/shellcode_formatter.ps1
When I need shellcode from Cobalt Strike, for whatever reason, my default is to use Cobalt's ability to generate Raw shellcode.
I like to use this as my go-to for two reasons:
- I don't want to use anything generated by Cobalt Strike which would already have the code embedded. Yes, we can modify the default templates used by Cobalt Strike, but I just prefer to already have my code written and in a format that can have shellcode easily added in.
- The Raw format lets me easily convert the binary data into any format that I want
I have two separate scripts that each take a path to the .bin file that's generated by Cobalt Strike and convert it into multiple formats:
- Base64 encoded shellcode
- C/C++ format
- C#
- Base64 C# formatted shellcode
- F#
There are both a Python and a PowerShell script that will convert the binary data into the various shellcode formats, so feel free to use either depending on the platform you're on.
Hope that this helps. Feel free to contact us with any questions you may have!
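Because the same raw bytes can be embedded in any of the formats listed above, a hash of the .bin file will not match a sample's source text directly. The added example below (not part of the original post or the FortyNorth scripts) goes the other way for triage: it recovers the raw bytes from each encoding so they hash identically. The byte-literal spellings, the reading of "Base64 C#" as Base64 over the C#-formatted text, and all function names are assumptions.

```python
import base64
import binascii
import hashlib
import re

# Assumed spellings (not shown on the page): C "\xde", C# 0xde, F# 0xdeuy
C_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]{1,2})(uy)?\b")
# Constructed placeholder bytes (not a real payload) and their C# spelling.
SAMPLE = bytes.fromhex("deadbeef00017fff")
SAMPLE_CSHARP = "byte[] buf = new byte[8] { " + ",".join(f"0x{b:02x}" for b in SAMPLE) + " };"


def from_literals(text):
    """Recover bytes from C escapes or C#/F# hex literals; None if absent."""
    escapes = C_ESCAPE.findall(text)
    if escapes:
        return "c", bytes(int(h, 16) for h in escapes)
    literals = HEX_LITERAL.findall(text)
    if literals:
        name = "fsharp" if any(suffix for _, suffix in literals) else "csharp"
        return name, bytes(int(h, 16) for h, _ in literals)
    return None


def recover_bytes(text):
    """Return (format_name, raw_bytes), or (None, b"") if nothing decodes."""
    found = from_literals(text)
    if found:
        return found
    try:
        decoded = base64.b64decode("".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        return None, b""
    if not decoded:
        return None, b""
    # Assumption: "Base64 C#" is Base64 wrapped around the C#-formatted text.
    try:
        inner = from_literals(decoded.decode("ascii"))
    except UnicodeDecodeError:
        return "base64", decoded
    return ("base64+" + inner[0], inner[1]) if inner else ("base64", decoded)


def fingerprint(text):
    """SHA-256 of the recovered bytes, so every encoding hashes alike."""
    name, raw = recover_bytes(text)
    return name, hashlib.sha256(raw).hexdigest() if raw else None
```

Comparing `fingerprint(...)[1]` against the SHA-256 of a known raw payload lets one indicator cover every embedding format.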