updates

11 years ago · 5dbf6cddd5
parent 85d99f6ce8
commit 5dbf6cddd5
14 changed files with 128 additions and 0 deletions
--- a/exam4/HOWTO
+++ b/exam4/HOWTO
@ -0,0 +1,6 @@
+Compile and run
+nasm -f elf32 -o helloworld.o helloworld.nasm && ld -m elf_i386 -o helloworld helloworld.o && ./helloworld ; echo $?
+
+Get shellcode
+for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo
+
--- a/exam4/decoder.nasm
+++ b/exam4/decoder.nasm
--- a/exam4/encoder.sh
+++ b/exam4/encoder.sh
@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+echo "Original shellcode"
+for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done; echo
+
+echo ""
+
+
+echo "Encoded shellcode"
+Y=2; for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; if [[ $Y -gt 1 ]];then echo -n '\xAA'; Y=$[Y-1]; else Y=$[Y+1]; fi; done; echo
+
+echo ""
+
--- a/exam4/helloworld
+++ b/exam4/helloworld
--- a/exam4/helloworld.nasm
+++ b/exam4/helloworld.nasm
@ -0,0 +1,25 @@
+; helloworld.nasm
+; 2013 April
+;
+
+section .text
+global _start
+
+_start:
+	xor eax,eax
+	xor ebx,ebx
+	xor edx,edx
+
+	; write('hi there')
+	mov al,4		; write
+	mov bl,1		; stdout
+	push 0x0a657265		; 'ere\n' in reverse
+	push 0x68546948		; 'HiTh' in reverse
+	mov ecx, esp		; ecx is a pointer to stack
+	mov dl, 8		; length of message
+	int 0x80
+
+	; exit(0)
+	xor ebx,ebx
+	mov al,1		; exit
+	int 0x80
--- a/exam4/helloworld.o
+++ b/exam4/helloworld.o
--- a/exam6/.gdb_history
+++ b/exam6/.gdb_history
@ -0,0 +1,17 @@
+b _start 
+run
+stepi
+xprint $edx
+xprint $edx+0x4
+xprint $edx+0x5
+xprint $edx+0x3
+xprint $edx+0x4
+xprint $edx+0x1
+xprint $edx+0x2
+xprint $edx+0x3
+si
+si
+si
+si
+si
+si
--- a/exam6/HOWTO
+++ b/exam6/HOWTO
@ -0,0 +1,6 @@
+Compile and run
+nasm -f elf32 -o helloworld.o helloworld.nasm && ld -m elf_i386 -o helloworld helloworld.o && ./helloworld ; echo $?
+
+Get shellcode
+for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo
+
--- a/exam6/decoder.nasm
+++ b/exam6/decoder.nasm
--- a/exam6/decoder.py
+++ b/exam6/decoder.py
@ -0,0 +1,18 @@
+#!/usr/bin/env python
+import sys
+
+#if len(sys.argv) < 2:
+#	sys.exit('Usage: %s \\xshellcode' % sys.argv[0])
+
+#s=sys.argv[1]
+
+s='\x34\xc5\x34\xde\x34\xd7\xb5\x01\xb6\x04\x6d\x60\x77\x60\x0f\x6d\x4d\x6c\x51\x6d\x8c\xe4\xb7\x0d\xc8\x85\x34\xde\xb5\x04\xc8\x85'
+e=[]
+
+print "Decoded shellcode"
+for i in range(len(s)):
+	e=(int(s[i].encode('hex'),16) ^ 0x5)
+	print '\\x%0.2x' % e,
+	sys.stdout.write('')
+
+print ""
--- a/exam6/encoder.py
+++ b/exam6/encoder.py
@ -0,0 +1,18 @@
+#!/usr/bin/env python
+import sys
+
+#if len(sys.argv) < 2:
+#	sys.exit('Usage: %s \\xshellcode' % sys.argv[0])
+
+#s=sys.argv[1]
+
+s='\x31\xc0\x31\xdb\x31\xd2\xb0\x04\xb3\x01\x68\x65\x72\x65\x0a\x68\x48\x69\x54\x68\x89\xe1\xb2\x08\xcd\x80\x31\xdb\xb0\x01\xcd\x80'
+e=[]
+
+print "Encoded shellcode"
+for i in range(len(s)):
+	e=(int(s[i].encode('hex'),16) ^ 0x5)
+	print '\\x%0.2x' % e,
+	sys.stdout.write('')
+
+print ""
--- a/exam6/helloworld
+++ b/exam6/helloworld
--- a/exam6/helloworld.nasm
+++ b/exam6/helloworld.nasm
@ -0,0 +1,25 @@
+; helloworld.nasm
+; 2013 April
+;
+
+section .text
+global _start
+
+_start:
+	xor eax,eax
+	xor ebx,ebx
+	xor edx,edx
+
+	; write('hi there')
+	mov al,4		; write
+	mov bl,1		; stdout
+	push 0x0a657265		; 'ere\n' in reverse
+	push 0x68546948		; 'HiTh' in reverse
+	mov ecx, esp		; ecx is a pointer to stack
+	mov dl, 8		; length of message
+	int 0x80
+
+	; exit(0)
+	xor ebx,ebx
+	mov al,1		; exit
+	int 0x80
--- a/exam6/helloworld.o
+++ b/exam6/helloworld.o