Welcome To OWASP ZeroDay Cyber Research Shellcoder Home
Go to download page, and download last version in github. Extract and run installer.py, then you are able to run software with OWASP ZSC command or you can directly execute zsc.py without installing it.or you can follow these commands to install the last version:
Note: Software could be uninstall with executing uninstaller.py Note: Software installation directory is “/usr/share/owasp-zsc”
How to generate shellcode with OWASP ZSC?
At first look the help menu.
-h, --h, -help, --help => to see this help guide
-os => choose your os to create shellcode
-oslist => list os for switch -os
-o => output filename
-job => what shellcode gonna dofor you ?
-joblist => list of -job switch
-encode => generate shellcode with encode
-types => types of encode for -encode switch
-wizard => wizard mod
-update => check for update
-about => about software and developers.
With these switch you can see the oslist,encode types and functions [joblist] to generate your shellcode.
[+]exec('/path/file')[+] chmod('/path/file','permission number')[+] write('/path/file','text to write')[+] file_create('/path/file','text to write')[+] dir_create('/path/folder')[+] download('url','filename')[+] download_execute('url','filename','command to execute')[+] system('command to execute')[+] script_executor('name of script','path and name of your script in your pc','execute command')
Now you are able to choose your operation system, function, and encode to generate your shellcode, But all of these features are not activated yet, so you have to look up this table HERE to see what features are activated.
For example, this part of table telling us all functions for linux_x86 is activated, But Encodes [xor_random, xor_yourvalue, add_random, add_yourvalue, sub_random, sub_yourvalue, inc, inc_timesyouwant, dec, dec_timesyouwant] are just activated for chmod() function.
Note: Don’t use space ‘ ’ in system() function, replace it with “[space]” , software will detect and replace “ ” for you in shellcode.
Note: script_executor(),download_execute(),download(),dir_create(),file_create() are using linux command line , not the function. [wget,mkdir,echo]
system() function added in script, you can use it to do anything and generate any command line shellcode.
Note: exec() doesn’t support any ARGV same as exec(‘/bin/bash -c ls’) or exec(‘/bin/bash’,‘-c’,‘ls’), you have to wait for next version and this feature will available in system()
Note: you also can use high value for inc and dec time, like inc_100000, your shellcode may get too big
Note: each time you execute chmod()[or any other] function with random encode, you are gonna get random outputs and different shellcode.
Note: your xor value could be anything. “xor_0x41414141” and “xor_0x45872f4d” are examples.