parent
85d99f6ce8
commit
5dbf6cddd5
@ -0,0 +1,6 @@
|
||||
Compile and run
|
||||
nasm -f elf32 -o helloworld.o helloworld.nasm && ld -m elf_i386 -o helloworld helloworld.o && ./helloworld ; echo $?
|
||||
|
||||
Get shellcode
|
||||
for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo
|
||||
|
@ -0,0 +1,13 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
echo "Original shellcode"
|
||||
for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done; echo
|
||||
|
||||
echo ""
|
||||
|
||||
|
||||
echo "Encoded shellcode"
|
||||
Y=2; for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; if [[ $Y -gt 1 ]];then echo -n '\xAA'; Y=$[Y-1]; else Y=$[Y+1]; fi; done; echo
|
||||
|
||||
echo ""
|
||||
|
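Review bot: The shebang is `#!/usr/bin/env sh`, but the "Encoded shellcode" loop uses `[[ $Y -gt 1 ]]` and `$[Y-1]`/`$[Y+1]`, which are bash extensions; on systems where sh is dash the script aborts at that line with `[[: not found`. Either change the first line to `#!/usr/bin/env bash` or make the test POSIX: `if [ "$Y" -gt 1 ]; then echo -n '\xAA'; Y=$((Y-1)); else Y=$((Y+1)); fi`. The `echo -n '\x'$i` idiom also depends on the shell's echo not interpreting backslash escapes, which varies between shells; `printf '\\x%s' "$i"` produces the same text portably. A one-line header comment stating what the encoding does — a 0xAA marker byte inserted after every other shellcode byte, starting with the first — would help, since the script currently has none.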
Binary file not shown.
@ -0,0 +1,25 @@
|
||||
; helloworld.nasm
|
||||
; 2013 April
|
||||
;
|
||||
|
||||
section .text
|
||||
global _start
|
||||
|
||||
_start:
|
||||
xor eax,eax
|
||||
xor ebx,ebx
|
||||
xor edx,edx
|
||||
|
||||
; write('hi there')
|
||||
mov al,4 ; write
|
||||
mov bl,1 ; stdout
|
||||
push 0x0a657265 ; 'ere\n' in reverse
|
||||
push 0x68546948 ; 'HiTh' in reverse
|
||||
mov ecx, esp ; ecx is a pointer to stack
|
||||
mov dl, 8 ; length of message
|
||||
int 0x80
|
||||
|
||||
; exit(0)
|
||||
xor ebx,ebx
|
||||
mov al,1 ; exit
|
||||
int 0x80
|
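Review bot: `mov al,1` in the exit(0) block assumes the upper 24 bits of eax are still zero after the write `int 0x80`, but the kernel returns the syscall result in eax: on success it is 8, and if write fails it is `-errno` (e.g. 0xFFFFFFF7), in which case `mov al,1` yields an invalid syscall number, exit never runs and execution falls off the end of the code. Adding `xor eax,eax` before `mov al,1` (mirroring the `xor ebx,ebx` already there) makes the exit path independent of the write result, and `xor` introduces no null bytes. Separately, `push 0x0a657265` places a `0x0a` (newline) byte in the payload, which is a common bad character for line-oriented input sinks; a comment such as `; NOTE: 0x0a byte lands in the shellcode — bad char for newline-terminated inputs` would flag it for anyone reusing this as a payload.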
Binary file not shown.
@ -0,0 +1,17 @@
|
||||
b _start
|
||||
run
|
||||
stepi
|
||||
xprint $edx
|
||||
xprint $edx+0x4
|
||||
xprint $edx+0x5
|
||||
xprint $edx+0x3
|
||||
xprint $edx+0x4
|
||||
xprint $edx+0x1
|
||||
xprint $edx+0x2
|
||||
xprint $edx+0x3
|
||||
si
|
||||
si
|
||||
si
|
||||
si
|
||||
si
|
||||
si
|
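Review bot: `xprint` is not a built-in GDB command, so this script fails at its fourth line unless a .gdbinit defining it is loaded (it appears to be a macro from one of the popular custom gdbinit files); a header comment such as `# requires a .gdbinit that defines xprint; run: gdb -x <this file> ./helloworld` would make the dependency explicit. The eight `xprint $edx+…` lines inspect memory around edx after a single `stepi`, yet helloworld.nasm in this commit zeroes edx and only uses esp (through ecx) as a data pointer, so these offsets look like a leftover from another exercise — if they are intentional, a comment saying what is expected at `$edx+0x4` etc. would help. The trailing run of six `si` commands stops before `mov ecx, esp` (seven instructions executed in total); a comment noting that would spare the reader from counting.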
@ -0,0 +1,6 @@
|
||||
Compile and run
|
||||
nasm -f elf32 -o helloworld.o helloworld.nasm && ld -m elf_i386 -o helloworld helloworld.o && ./helloworld ; echo $?
|
||||
|
||||
Get shellcode
|
||||
for i in $(objdump -d helloworld -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done;echo
|
||||
|
@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env python
|
||||
import sys
|
||||
|
||||
#if len(sys.argv) < 2:
|
||||
# sys.exit('Usage: %s \\xshellcode' % sys.argv[0])
|
||||
|
||||
#s=sys.argv[1]
|
||||
|
||||
s='\x34\xc5\x34\xde\x34\xd7\xb5\x01\xb6\x04\x6d\x60\x77\x60\x0f\x6d\x4d\x6c\x51\x6d\x8c\xe4\xb7\x0d\xc8\x85\x34\xde\xb5\x04\xc8\x85'
|
||||
e=[]
|
||||
|
||||
print "Decoded shellcode"
|
||||
for i in range(len(s)):
|
||||
e=(int(s[i].encode('hex'),16) ^ 0x5)
|
||||
print '\\x%0.2x' % e,
|
||||
sys.stdout.write('')
|
||||
|
||||
print ""
|
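Review bot: The loop body assigns the XOR result to `e`, overwriting the `e=[]` list initialised above, so no decoded bytes are collected and the list is dead code; `sys.stdout.write('')` on the next line is likewise a no-op. If printing is the only goal, drop both; if the decoded bytes are meant to be reused (e.g. compared against the original shellcode), append them instead: `out.append(x)`. The file is also Python 2 only (`print` statement, `str.encode('hex')`) while the shebang `#!/usr/bin/env python` resolves to Python 3 on current systems; `e = ord(s[i]) ^ 0x5` works on both versions and a `# Python 2 only` note would at least explain the syntax error a Python 3 user sees at the `print` line. Since single-byte XOR is its own inverse, this script is identical to the encoder apart from the string literal and the label — one script taking the key and the hex string as arguments (the commented-out argv handling) would remove the duplication.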
@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env python
|
||||
import sys
|
||||
|
||||
#if len(sys.argv) < 2:
|
||||
# sys.exit('Usage: %s \\xshellcode' % sys.argv[0])
|
||||
|
||||
#s=sys.argv[1]
|
||||
|
||||
s='\x31\xc0\x31\xdb\x31\xd2\xb0\x04\xb3\x01\x68\x65\x72\x65\x0a\x68\x48\x69\x54\x68\x89\xe1\xb2\x08\xcd\x80\x31\xdb\xb0\x01\xcd\x80'
|
||||
e=[]
|
||||
|
||||
print "Encoded shellcode"
|
||||
for i in range(len(s)):
|
||||
e=(int(s[i].encode('hex'),16) ^ 0x5)
|
||||
print '\\x%0.2x' % e,
|
||||
sys.stdout.write('')
|
||||
|
||||
print ""
|
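Review bot: The encoder never checks that its output avoids the bytes an encoder exists to remove: any input byte equal to the key 0x05 encodes to `\x00`, and nothing here would notice. Collecting the results in a list (the `e=[]` that is currently overwritten on the first iteration) and adding `if 0 in out: sys.exit('null byte in encoded output; choose another key')` after the loop is a cheap guard. The key `0x5` is a magic number inside the XOR line; naming it (`KEY = 0x5`) and, ideally, taking it from argv with the shellcode (the commented-out block) would let a user switch keys when a collision appears. The file is Python 2 only (`print` statement, `.encode('hex')`) although the shebang is `#!/usr/bin/env python`; `ord(s[i]) ^ KEY` works on both 2 and 3.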
Binary file not shown.
@ -0,0 +1,25 @@
|
||||
; helloworld.nasm
|
||||
; 2013 April
|
||||
;
|
||||
|
||||
section .text
|
||||
global _start
|
||||
|
||||
_start:
|
||||
xor eax,eax
|
||||
xor ebx,ebx
|
||||
xor edx,edx
|
||||
|
||||
; write('hi there')
|
||||
mov al,4 ; write
|
||||
mov bl,1 ; stdout
|
||||
push 0x0a657265 ; 'ere\n' in reverse
|
||||
push 0x68546948 ; 'HiTh' in reverse
|
||||
mov ecx, esp ; ecx is a pointer to stack
|
||||
mov dl, 8 ; length of message
|
||||
int 0x80
|
||||
|
||||
; exit(0)
|
||||
xor ebx,ebx
|
||||
mov al,1 ; exit
|
||||
int 0x80
|
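Review bot: `push 0x0a657265` puts a `0x0a` (newline) byte into the shellcode (visible as `\x65\x72\x65\x0a` in the extracted bytes elsewhere in this commit), which is a common bad character for line-oriented input sinks and is not addressed by the accompanying encoders; a comment such as `; NOTE: 0x0a byte in payload — bad char for newline-terminated inputs` would flag it for reuse. The exit path also relies on the upper 24 bits of eax being zero after the write `int 0x80`; that holds only when write succeeds (returns 8), since a failure returns `-errno` and `mov al,1` then forms an invalid syscall number. Adding `xor eax,eax` before `mov al,1`, as is already done for ebx, removes the dependency without introducing null bytes.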
Binary file not shown.