
How to test Shell-Codes

Discussion in 'C' started by lionaneesh, Feb 9, 2011.

  1. lionaneesh

    lionaneesh New Member

    Continuation of Shell-coding basics. I suggest a glance over it before you start reading this.

    Testing



    We'll be using a simple C program to accomplish our task.

    test.c
    Code:
    // #include <stdio.h> is not needed: no C library functions are used, just basic pointer logic.
    // Assumes 32-bit x86 (the elf32-i386 target used in this article), where int and pointers are the same size.
    
    char shellcode[] = ""; // the opcode string under test goes here
    
    int main() 
    {	 
    	int *ret; // a simple integer pointer that will hold a stack address 
    	ret = (int *)&ret + 2; // point ret two ints above its own stack slot, where main's saved return address sits in this build 
    	(*ret) = (int)shellcode; // overwrite the return address with the shellcode's address, so main returns straight into our shellcode
    } 
    
    Note: In this article we'll be using the exit shell-code we made in the previous article. However, this program can be used to test any shell-code.

    This is the basic skeleton of the program. Check the comments; it's quite self-explanatory.

    Now let's have a look at our objdump:

    Code:
    aneesh@aneesh-laptop:~/articles/ASM$ objdump -d shell 
    
    shell:     file format elf32-i386 
    
    
    Disassembly of section .text: 
    
    08048060 <_start>: 
     8048060:	31 c0                	xor    %eax,%eax 
     8048062:	b0 01                	mov    $0x1,%al 
     8048064:	31 db                	xor    %ebx,%ebx 
     8048066:	b3 07                	mov    $0x7,%bl 
     8048068:	cd 80                	int    $0x80 
    
    I explained the construction in the previous tutorial and will not be repeating it.

    So our set of opcodes will be:

    Code:
    \x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80
    
    A basic 10-byte exit shell-code.

    Let's add it to 'test.c' and test it

    Code:
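    // #include <stdio.h> is not needed: no C library functions are used, just basic pointer logic.
    // Assumes 32-bit x86 (the elf32-i386 target used in this article), where int and pointers are the same size.
    
    char shellcode[] = "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80"; // the 10-byte exit shell-code
    
    int main() 
    {	 
    	int *ret; // a simple integer pointer that will hold a stack address 
    	ret = (int *)&ret + 2; // point ret two ints above its own stack slot, where main's saved return address sits in this build 
    	(*ret) = (int)shellcode; // overwrite the return address with the shellcode's address, so main returns straight into our shellcode
    } 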
    
    Compiling

    Code:
    aneesh@aneesh-laptop:~/articles/C$ gcc test.c -o test -fno-stack-protector 
    

    Running


    Code:
    aneesh@aneesh-laptop:~/articles/C$ ./test 
    aneesh@aneesh-laptop:~/articles/C$ 
    
    OK... That's a successful exit.

    Now let's verify that by checking our exit status

    Code:
    aneesh@aneesh-laptop:~/articles/ASM$ echo $? 
    7 
    
    Stay tuned for more...
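
A check one can run before pasting bytes into test.c, as an added example that is not part of the original post: it pulls the opcode bytes out of the objdump listing shown above and confirms that the hand-typed string matches them byte for byte. The function names `extract_opcodes` and `matches_listing` are hypothetical, and the listing is embedded as a constructed copy of the post's output.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the <_start> listing copied from the objdump output in the post. */
static const char *listing =
    "08048060 <_start>:\n"
    " 8048060:\t31 c0                \txor    %eax,%eax\n"
    " 8048062:\tb0 01                \tmov    $0x1,%al\n"
    " 8048064:\t31 db                \txor    %ebx,%ebx\n"
    " 8048066:\tb3 07                \tmov    $0x7,%bl\n"
    " 8048068:\tcd 80                \tint    $0x80\n";
static const unsigned char typed[] = "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80"; /* as typed into test.c */

/* Collect bytes from "<addr>:<TAB><hex pairs><TAB><mnemonic>" lines; returns count, or -1 if out is full. */
int extract_opcodes(const char *text, unsigned char *out, int cap)
{
    int n = 0;
    while (*text) {
        const char *eol = strchr(text, '\n');
        if (!eol) eol = text + strlen(text);
        const char *p = memchr(text, ':', (size_t)(eol - text));
        if (p && p + 1 < eol && p[1] == '\t') {   /* headers and labels have no tab after ':' */
            for (p += 2; p + 1 < eol && isxdigit((unsigned char)p[0])
                         && isxdigit((unsigned char)p[1]); p += (p[2] == ' ') ? 3 : 2) {
                char pair[3] = { p[0], p[1], '\0' };
                if (n >= cap) return -1;
                out[n++] = (unsigned char)strtoul(pair, NULL, 16);
            }
        }
        text = *eol ? eol + 1 : eol;
    }
    return n;
}

/* Returns 1 when the len bytes at s equal the bytes in the listing, 0 otherwise. */
int matches_listing(const unsigned char *s, int len)
{
    unsigned char buf[64];
    int n = extract_opcodes(listing, buf, (int)sizeof buf);
    return n == len && memcmp(buf, s, (size_t)n) == 0;
}

int main(void)
{
    puts(matches_listing(typed, (int)sizeof typed - 1) ? "typed string matches listing" : "MISMATCH");
    return 0;
}
```
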
     
  2. lionaneesh

    lionaneesh New Member

    Thanks for accepting. 2 more in the queue...
     
