minor updates

This commit is contained in:
arno01 2013-04-11 13:44:15 +02:00
parent 21abf625a8
commit 24afc2aec6
6 changed files with 67 additions and 44 deletions


@ -1,6 +0,0 @@
Compile and run
nasm -f elf32 -o helloworld.o helloworld.nasm && ld -m elf_i386 -o helloworld helloworld.o && ./helloworld ; echo $?
Get shellcode
for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo


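--- /dev/null
+++ b/decoder.nasm
@@ -0,0 +1,67 @@
+; This program is free software: you can redistribute it and/or modify
+; it under the terms of the GNU General Public License as published by
+; the Free Software Foundation, either version 3 of the License, or
+; (at your option) any later version.
+;
+; This program is distributed in the hope that it will be useful,
+; but WITHOUT ANY WARRANTY; without even the implied warranty of
+; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+; GNU General Public License for more details.
+;
+; You should have received a copy of the GNU General Public License
+; along with this program. If not, see <http://www.gnu.org/licenses/>.
+;
+;
+; Filename: decoder.nasm
+; Author: Andrey Arapov <andrey.arapov@gmail.com>
+; 2013 April
+;
+;
+section .text
+global _start
+_start:
+jmp short _down ; JMP-CALL-POP technique
+_up:
+pop esi ; get the last address of this program,
+; which will be a start of our encoded shellcode
+xor ecx, ecx ; zero the counter, will be used below
+_decoder:
+mov al, byte [esi] ; preparing to compare the first byte of the encoded shellcode
+inc esi ; going for the next byte
+;
+; Checking for markers
+;
+cmp al, 0x37
+je short _decoder ; if current byte is a gargabe, then we skip it and check the next byte
+cmp al, 0xFA
+je short _decoder ; if current byte is a gargabe, then we skip it and check the next byte
+cmp al, 0xD6
+je short _decoder ; if current byte is a gargabe, then we skip it and check the next byte
+cmp al, 0x3F
+je short _decoder ; if current byte is a gargabe, then we skip it and check the next byte
+cmp al, 0xAF
+je short _runshellcode ; if we reach the exit marker, then we run the shellcode
+;
+; Collecting decoded shellcode in the EDX address
+;
+mov byte [edx+ecx], al ; moving good byte to EDX
+inc ecx ; increase the counter
+jmp short _decoder ; continuing
+_runshellcode:
+call edx
+_down:
+call _up ; ESP now has and address that points to the next instruction, however we are going UP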
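Review bot: `edx` is used as the decode destination in `mov byte [edx+ecx], al` and as the call target in `call edx`, yet nothing in the file as shown initializes it, so the stub relies on an undocumented precondition about that register's value at `_start` and will fault on whatever address it happens to hold. The header comment should spell out the register contract the way the rest of the file documents intent, e.g. `; In: edx = address of the output buffer the decoded bytes are written to and then executed; esi/ecx/al are scratch`, and note that a destination inside `.text` is read-only under the NX / W^X mapping a normal ELF loader applies, which is the point where this kind of self-decoding stub is expected to crash and is the behaviour a defender would look for. The comment on `pop esi` is also inaccurate: after `call _up` it holds the address of the byte following that `call` instruction, not "the last address of this program"; `; esi = address of the byte after 'call _up', i.e. the first encoded byte` says what the code does. The four identical "gargabe" (garbage) comments on the marker checks could be collapsed into one comment above the first `cmp`, naming the four skip markers and the 0xAF terminator.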


@ -1,13 +0,0 @@
#!/usr/bin/env sh
echo "Original shellcode"
for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done; echo
echo ""
echo "Encoded shellcode"
Y=2; for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; if [[ $Y -gt 1 ]];then echo -n '\xAA'; Y=$[Y-1]; else Y=$[Y+1]; fi; done; echo
echo ""

Binary file not shown.


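--- a/helloworld.nasm
+++ /dev/null
@@ -1,25 +0,0 @@
-; helloworld.nasm
-; 2013 April
-;
-section .text
-global _start
-_start:
-xor eax,eax
-xor ebx,ebx
-xor edx,edx
-; write('hi there')
-mov al,4 ; write
-mov bl,1 ; stdout
-push 0x0a657265 ; 'ere\n' in reverse
-push 0x68546948 ; 'HiTh' in reverse
-mov ecx, esp ; ecx is a pointer to stack
-mov dl, 8 ; length of message
-int 0x80
-; exit(0)
-xor ebx,ebx
-mov al,1 ; exit
-int 0x80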

Binary file not shown.