Continuation of Shell-coding basics. I suggest a glance over it before you start reading this.
Note: In this article we'll be using the basic 10-byte exit shell-code we made in the previous article. I explained its construction in the previous tutorial and will not be repeating it. However, the test program can be used to test any shell-code.
Testing
We'll be using a simple C program to accomplish our task.
test.c
Code:
// #include <stdio.h> is not needed: we are not using any functions from the C library, just basic pointer logic.
char shellcode[] = "";

int main()
{
    int *ret;                 // a simple integer pointer that will hold a stack address
    ret = (int *)&ret + 2;    // point ret two ints above its own stack slot, where main's return address is saved
    (*ret) = (int)shellcode;  // change the return pointer to the shellcode, so we'll be jumping to our shellcode right away
}
This is the basic skeleton of the program. Check the comments; it's quite self-explanatory.
Now let's have a look at our objdump output:
Code:
aneesh@aneesh-laptop:~/articles/ASM$ objdump -d shell

shell:     file format elf32-i386

Disassembly of section .text:

08048060 <_start>:
 8048060:	31 c0                	xor    %eax,%eax
 8048062:	b0 01                	mov    $0x1,%al
 8048064:	31 db                	xor    %ebx,%ebx
 8048066:	b3 07                	mov    $0x7,%bl
 8048068:	cd 80                	int    $0x80
So our set of opcodes will be:
Code:
\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80
Let's add it to 'test.c' and test it:
Code:
// #include <stdio.h> is not needed: we are not using any functions from the C library, just basic pointer logic.
char shellcode[] = "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80";

int main()
{
    int *ret;                 // a simple integer pointer that will hold a stack address
    ret = (int *)&ret + 2;    // point ret two ints above its own stack slot, where main's return address is saved
    (*ret) = (int)shellcode;  // change the return pointer to the shellcode, so main returns straight into it
}
Compiling
Code:
aneesh@aneesh-laptop:~/articles/C$ gcc test.c -o test -fno-stack-protector
Running
Code:
aneesh@aneesh-laptop:~/articles/C$ ./test
aneesh@aneesh-laptop:~/articles/C$
OK, that's a successful exit.
Now let's verify that by checking our exit status:
Code:
aneesh@aneesh-laptop:~/articles/ASM$ echo $?
7
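The manual steps above (reading the bytes out of the objdump listing, then checking the exit status) can be cross-checked statically. The following Python sketch is an added example, not code from the original article: it parses the listing shown on this page into the \x string pasted into test.c and reads off the status that `echo $?` should report. The function names are illustrative assumptions, and the register tracking covers only the instruction pattern used here.

```python
import re

# Disassembly copied from this page (re-spaced), embedded so the example runs offline.
OBJDUMP_OUTPUT = """\
08048060 <_start>:
 8048060:  31 c0    xor    %eax,%eax
 8048062:  b0 01    mov    $0x1,%al
 8048064:  31 db    xor    %ebx,%ebx
 8048066:  b3 07    mov    $0x7,%bl
 8048068:  cd 80    int    $0x80
"""

# Instruction line: "<address>: <hex byte pairs> <mnemonic> <operands>"
INSN = re.compile(r"^\s*[0-9a-f]+:\s+((?:[0-9a-f]{2}\s)+)\s*(\S+)\s*(.*)$")
LOW_BYTE = {"%al": "%eax", "%bl": "%ebx"}  # 8-bit alias -> full register

def parse_objdump(text):
    """Return (raw_bytes, mnemonic, operands) for every instruction line."""
    found = (INSN.match(line) for line in text.splitlines())
    return [(bytes.fromhex(m[1]), m[2], m[3].strip()) for m in found if m]

def to_c_string(insns):
    """Join the instruction bytes into the \\xNN form pasted into test.c."""
    return "".join(f"\\x{b:02x}" for raw, _, _ in insns for b in raw)

def expected_exit_status(insns):
    """Statically read the exit status from the pattern on this page:
    xor reg,reg to zero a register, then mov $imm8 into its low byte."""
    regs = {}
    for _, mnemonic, operands in insns:
        parts = operands.split(",")
        if mnemonic == "xor" and len(parts) == 2 and parts[0] == parts[1]:
            regs[parts[0]] = 0  # register is now known to be zero
        elif mnemonic == "mov" and len(parts) == 2 and parts[0].startswith("$"):
            full = LOW_BYTE.get(parts[1])
            if full in regs:  # only track registers whose upper bytes are known
                regs[full] = (regs[full] & ~0xFF) | (int(parts[0][1:], 16) & 0xFF)
        elif mnemonic == "int" and operands == "$0x80":
            # eax == 1 selects exit on 32-bit Linux; ebx carries the status
            if regs.get("%eax") == 1 and "%ebx" in regs:
                return regs["%ebx"] & 0xFF
    return None

if __name__ == "__main__":
    insns = parse_objdump(OBJDUMP_OUTPUT)
    print(to_c_string(insns))
    print("expected exit status:", expected_exit_status(insns))
```
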
