Method of evaluating shellcode in python?
Evaluating a sample piece of shellcode using a C program is not complicated. It would involve storing the shellcode in a character array, creating a function pointer, typecasting the pointer and making it point to the array, and calling the function (pointer).
This is how it works, assuming you can execute the memory at nastycode[]:
/* left harmless. Insert your own working example at your peril */
char nastycode[] = "\x00\x00\x00...";
void (*execute_ptr) (void);
execute_ptr = (void *)nastycode; /* point pointer at nasty code */
execute_ptr(); /* execute it */
Is there any way I could do the same using Python code? Or does the fact that Python code translates to bytecode render such an endeavour impossible?
The only way this could be done is if you rely on a C library. Buffer overflows can be introduced into Python from its library bindings. For your purposes you could write your own simple Python library in C and implement something like example3.c in Aleph One's Smashing the Stack for Fun and Profit. As Avilo pointed out, you will have to worry about NX zones; however, any region of memory can be made executable again, and this is platform specific. Also, GCC uses stack canaries by default. Although this can be avoided by just overwriting the return address with an address passed to the function, which would leave the canary intact. ASLR is a very good security system that can be difficult to bypass, but if you are passing in the known address to your shellcode then ASLR shouldn't be a problem.
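The NX point in the answer above can be observed from Python without running any bytes. This is an added example, not part of the original answers: it copies inert placeholder bytes into a ctypes buffer and reads the permissions of the mapping that holds them. It assumes Linux (it reads /proc/self/maps); the helper names perms_for_address and buffer_perms and the sample maps text are constructed for illustration.

```python
import ctypes

# Constructed sample in /proc/<pid>/maps format (not captured from a real process).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 131 /usr/bin/python3
55d0c1c00000-55d0c1e00000 rw-p 00000000 00:00 0 [heap]
7ffd1b000000-7ffd1b021000 rw-p 00000000 00:00 0 [stack]
"""


def perms_for_address(addr, maps_text):
    """Return the permission field (e.g. 'rw-p') of the mapping containing addr, or None."""
    for line in maps_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        start, _, end = fields[0].partition("-")
        # Each range is [start, end): the end address belongs to the next mapping.
        if int(start, 16) <= addr < int(end, 16):
            return fields[1]
    return None


def buffer_perms(data):
    """Copy data into a ctypes buffer and report the permissions of the page holding it.

    Returns None when /proc/self/maps is unavailable (non-Linux platforms).
    Nothing in the buffer is ever called or executed.
    """
    buf = ctypes.create_string_buffer(data, len(data))
    addr = ctypes.addressof(buf)  # buf stays referenced until the lookup is done
    try:
        with open("/proc/self/maps") as fh:
            return perms_for_address(addr, fh.read())
    except OSError:
        return None


if __name__ == "__main__":
    placeholder = b"\x00" * 16  # inert placeholder bytes, as in the question
    perms = buffer_perms(placeholder)
    print("ctypes buffer mapping:", perms)
    print("executable:", perms is not None and "x" in perms)
```

On a typical Linux system the buffer sits in a read-write mapping with no execute bit, which is the NX obstacle the answer refers to.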
This is what you are looking for ;)
http://libemu.carnivore.it/
Since you were looking for Python:
https://github.com/buffer/pylibemu
It's possible in Python... you can do your own binding to C using ctypes or simply use something like distorm
http://code.google.com/p/distorm/wiki/Python
You also might want to check out how dionaea does it. It's a honeypot but it'll test shellcode and output the results.
http://dionaea.carnivore.it/