If you work with exploits and shellcode, you already know what shellcode is and how to deal with it. Sometimes it comes with exploits in C, Perl, Python… It usually looks like:

payload = (b"xbfxabxd0x9ax5bxdaxc7xd9x74x24xf4x5ax2bxc9" + "xb1x45x83xc2x04x31x7ax11x03x7ax11xe2x5ex2c" + "x72xd2xa0xcdx83x85x29x28xb2x97x4dx38xe7x27" + ...

But sometimes you need a binary file representation of this shellcode, so you can inject it into some file, debug it or for whatever reason. There are all kinds of scripts out there to deal with shellcode and accomplish different tasks. Binary to shellcode, shellcode to binary (only for bash)… But I was not able to find a simple script to get it under Windows. Even finding “xxd” command (make a hexdump) ported to Windows is possible but not easy (it seems to come bundled with Vim for Windows, but it used to be available with unixtools…).

Anyhow, here is a simple script in Python that works for Windows and will do the job. It will tolerate dirty shellcode (spaces, returns, concatenation commands…) and will only keep hex characters. Then it uses “write” with “wb” so you get a binary file. Quick and dirty.

Here is the tiny code. Just copy it and save it as a .py file. Tested with 2.7 branch.

import binascii
import fileinput
import os
import re
import sys

def shell2bin(args):
if len(args) < 2:
print "Usage: %s shellcodefile binfile" % args[0]
with open(sys.argv[1], "r") as fileshell:
flux = fileshell.read()
flux = re.sub("[^0-9,^a-f,^A-F]", "",flux)
with open(sys.argv[2], "wb") as filebin:
print "Done!"
except IOError as e:
print "I/O error({0}): {1}".format(e.errno, e.strerror)
print "Unexpected error:", sys.exc_info()[0]
if __name__=='__main__':


You may also be interested in

  • cloud-professional-services-migration

    Cloud Professional Services: Migration

  • alias robotic

    Telefónica Tech and Alias Robotics created the CS4R laboratory

  • navantia

    Navantia y Telefónica Tech: the Future of Cyber Defence