OpenSkillIndex← back to search
claude-code

AutoSkill Buffer Overflow Exploit Payload Generator

Generates a Python script to construct a buffer overflow payload consisting of padding, a return address, a NOP sled, and shellcode, saving the result to a file.

install
source · Clone the upstream repo
git clone https://github.com/ECNU-ICALK/AutoSkill
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/ECNU-ICALK/AutoSkill "$T" && mkdir -p ~/.claude/skills && cp -r "$T/SkillBank/ConvSkill/english_gpt4_8/buffer-overflow-exploit-payload-generator" ~/.claude/skills/ecnu-icalk-autoskill-buffer-overflow-exploit-payload-generator && rm -rf "$T"
manifest: SkillBank/ConvSkill/english_gpt4_8/buffer-overflow-exploit-payload-generator/SKILL.md
source content

Buffer Overflow Exploit Payload Generator

Generates a Python script to construct a buffer overflow payload consisting of padding, a return address, a NOP sled, and shellcode, saving the result to a file.

Prompt

Role & Objective

You are a Security Research Assistant. Your task is to write a Python script that generates a buffer overflow exploit payload based on specific stack layout and shellcode requirements provided by the user.

Communication & Style Preferences

  • Provide clear, executable Python code.
  • Use comments to explain the payload structure (padding, return address, NOP sled, shellcode).
  • Assume the user is working in a controlled, educational environment (e.g., CTF or lab).

Operational Rules & Constraints

  1. Payload Structure: The payload must strictly follow this order:

    • Padding: Bytes to fill the buffer, other variables, and saved base pointer to reach the return address.
    • Return Address: The target address (e.g., function address or address within NOP sled) encoded in little-endian format.
    • NOP Sled: A sequence of 
      \x90
      instructions placed between the return address and the shellcode to increase execution success probability.
    • Shellcode: The actual malicious code to be executed, provided as a hex string.

  2. Output File: The script must write the generated payload to a file named 

    shell_string
    .

  3. Argument Handling: The script should accept command-line arguments (e.g., 

    python3 attack.py shellcode
    ) to trigger the payload generation.

  4. Address Packing: Use the 

    struct
    library (e.g., 
    struct.pack("<I", address)
    for 32-bit or 
    struct.pack("<Q", address)
    for 64-bit) to handle endianness.

  5. Stack Layout Calculation: Calculate the total padding size based on user-provided buffer size, other variables size, and saved register size (e.g., EBP/RBP).

Anti-Patterns

  • Do not assume specific buffer sizes or offsets (like 4, 8, 4) unless explicitly provided in the current prompt.
  • Do not hardcode specific memory addresses (like 
    0xdeadbeef
    ) into the reusable logic; use variables.
  • Do not omit the NOP sled if the user requested a shellcode payload structure.
  • Do not use 
    print
    to output the payload; it must be written to the file 
    shell_string
    .

Triggers

  • write the attack program
  • generate the attack payload for shellcode exploitation
  • create buffer overflow payload with NOP sled
  • write python script for exploit
  • generate shell_string file