It is easy to create shellcode with pwntools that is a python library. Just set the environment and call some functions what you want.
Before you can generate shellcode, you need to install bintutils according to your CPU architecture.
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:pwntools/binutils
# In the case of ARM architecture.
$ sudo apt-get install binutils-arm-linux-gnueabi
$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:pwntools/binutils
# In the case of ARM architecture.
$ sudo apt-get install binutils-arm-linux-gnueabi
Python 3.5 and pwntools 2.2.1 is used
$ python3 --version
Python 3.5.2
$ pip3 show pwntools
Name: pwntools
Version: 2.2.1
Python 3.5.2
$ pip3 show pwntools
Name: pwntools
Version: 2.2.1
<shellcode.py>
from pwn import *
# Set environment
context(arch="amd64", os="linux")
code = b''
# [CASE 1] Just shell.
code += asm(shellcraft.sh())
# [CASE 2] Read and write a directory file.
code += asm(shellcraft.pushstr(".\x00"))
code += asm(shellcraft.open("rsp", "O_RDONLY", 0))
code += asm(shellcraft.syscall("SYS_getdents", 3, "rsp", 200))
code += asm(shellcraft.write(1, "rsp", 200))
# [CASE 3] Read and write a regular file.
code += asm(shellcraft.cat("/root/test/flag"))
# [CASE 4] Read and write a regular file.
code += asm(shellcraft.pushstr("/root/flag\x00"))
code += asm(shellcraft.open("rsp", "O_RDONLY", 0))
code += asm(shellcraft.read(3, "rsp", 100))
code += asm(shellcraft.write(1, "rsp", 100))
# Print the shellcode
print("\n[Shellcode]")
print(code)
# Execute the shellcode
print("\n[Run]")
# run_assembly(disasm(code)).interactive()
# Set environment
context(arch="amd64", os="linux")
code = b''
# [CASE 1] Just shell.
code += asm(shellcraft.sh())
# [CASE 2] Read and write a directory file.
code += asm(shellcraft.pushstr(".\x00"))
code += asm(shellcraft.open("rsp", "O_RDONLY", 0))
code += asm(shellcraft.syscall("SYS_getdents", 3, "rsp", 200))
code += asm(shellcraft.write(1, "rsp", 200))
# [CASE 3] Read and write a regular file.
code += asm(shellcraft.cat("/root/test/flag"))
# [CASE 4] Read and write a regular file.
code += asm(shellcraft.pushstr("/root/flag\x00"))
code += asm(shellcraft.open("rsp", "O_RDONLY", 0))
code += asm(shellcraft.read(3, "rsp", 100))
code += asm(shellcraft.write(1, "rsp", 100))
# Print the shellcode
print("\n[Shellcode]")
print(code)
# Execute the shellcode
print("\n[Run]")
# run_assembly(disasm(code)).interactive()
run_shellcode(code).interactive()
"run_assembly(code)" makes child process.
※ For more information, refer pwntools documentation about shellcode.