Linux shellcode sample
HelloWorld.nasm
;HelloWorld.asm
;Author: Kul Subedi
global _start
section .text
_start:
; print HelloWorld! in screen
mov eax, 0x4
mov ebx, 0x1
mov ecx, message
;mov edx, 12
mov edx, mlen
int 0x80
; exit program gracefully
mov eax, 0x1
mov ebx, 0x5
int 0x80
section .data
message: db "Welcome to Assembly!"
mlen equ $-message
abc.nasm
;hello.asm
[SECTION .text]
global _start
_start:
jmp short call_shellcode
shellcode:
xor eax, eax ;clean up the registers
xor ebx, ebx
xor edx, edx
xor ecx, ecx
mov al, 4 ;syscall write
mov bl, 1 ;stdout is 1
pop ecx ;get the address of the string from the stack
mov dl, 5 ;length of the string
int 0x80
xor eax, eax
mov al, 1 ;exit the shellcode
xor ebx,ebx
int 0x80
call_shellcode:
call shellcode;put the address of the string on the stack
db 'milu'
compile.sh
#!/bin/bash
echo '[+] Assembling with Nasm .. '
nasm -f elf32 -o $1.o $1.nasm
echo '[+] Linking ... '
ld -o $1 $1.o
echo '[+] Done!'
shel.sh
#!/bin/bash
objdump -d $1 | grep '[0-9a-f]:' | grep -v 'file' | cut -d: -f2|cut -d' ' -f1-6 | tr -s ' ' | tr '\t' ' ' | sed 's/ $//g' | sed 's/ /\\x/g' | paste -d '' -s | sed 's/^/"/' | sed 's/$/"/g'
abctxt.txt
"\xeb\x19\x31\xc0\x31\xdb\x31\xd2\x31\xc9\xb0\x04\xb3\x01\x59\xb2\x05\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\xe2\xff\xff\xff\x6d\x69\x6c\x75"
shellcode.c
#include
#include
unsigned char code[] ="\xeb\x19\x31\xc0\x31\xdb\x31\xd2\x31\xc9\xb0\x04\xb3\x01\x59\xb2\x05\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\xe2\xff\xff\xff\x6d\x69\x6c\x75";
main(){
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
gcc_compile.sh
#!/bin/bash
echo '[+] Compiling....'
gcc -fno-stack-protector -z execstack $1.c -o $1
echo '[+] Done...'
============== End
222
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
