
How to test Shell-Codes

Discussion in 'C' started by lionaneesh, Feb 9, 2011.

  1. lionaneesh

    This is a continuation of Shell-coding basics. I suggest a glance over it before you start reading this.

    Testing



    We'll be using a simple C program to accomplish our task.

    test.c
    Code:
    // #include <stdio.h> is not needed: we use no C library functions, just basic pointer logic.
    
    char shellcode[] = ""; 
    
    int main() 
    {	 
    	int *ret;                // a simple integer pointer used to reach main's saved return address
    	ret = (int *)&ret + 2;   // point ret two ints above itself, where the return address is assumed to sit (32-bit stack layout)
    	(*ret) = (int)shellcode; // change the return address to the shellcode, so main returns straight into it
    } 
    
    Note: In this article we'll be using the exit shell-code we made in the previous article. However, this program can be used to test any shell-code.

    This is the basic skeleton of the program. Check the comments; it's quite self-explanatory.

    Now let's have a look at our objdump:

    Code:
    aneesh@aneesh-laptop:~/articles/ASM$ objdump -d shell 
    
    shell:     file format elf32-i386 
    
    
    Disassembly of section .text: 
    
    08048060 <_start>: 
     8048060:	31 c0                	xor    %eax,%eax 
     8048062:	b0 01                	mov    $0x1,%al 
     8048064:	31 db                	xor    %ebx,%ebx 
     8048066:	b3 07                	mov    $0x7,%bl 
     8048068:	cd 80                	int    $0x80 
    
    I explained the construction in the previous tutorial and will not be repeating it.

    So our set of opcodes will be:

    Code:
    \x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80
    
    A basic 10-byte exit shell-code.

    Let's add it to 'test.c' and test it:

    Code:
    // #include <stdio.h> is not needed: we use no C library functions, just basic pointer logic.
    
    char shellcode[] = "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80"; 
    
    int main() 
    {	 
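    	int *ret;                // a simple integer pointer used to reach main's saved return address
    	ret = (int *)&ret + 2;   // point ret two ints above itself, where the return address is assumed to sit (32-bit stack layout)
    	(*ret) = (int)shellcode; // change the return address to the shellcode, so main returns straight into it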
    } 
    
    Compiling

    Code:
    aneesh@aneesh-laptop:~/articles/C$ gcc test.c -o test -fno-stack-protector 
    

    Running


    Code:
    aneesh@aneesh-laptop:~/articles/C$ ./test 
    aneesh@aneesh-laptop:~/articles/C$ 
    
    OK, that's a successful exit.

    Now let's verify that by checking our exit status:

    Code:
    aneesh@aneesh-laptop:~/articles/ASM$ echo $? 
    7 
    
    Stay tuned for more...
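
Whether the return in test.c lands on runnable bytes depends on the permissions of the memory page holding `shellcode[]`; where data pages are mapped non-executable, the harness faults instead of exiting with status 7. The block below is an added example, not part of the original post: it reads mappings in `/proc/<pid>/maps` format and reports whether an address is executable. `is_executable`, `SAMPLE_MAPS` and the addresses in it are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Same 10-byte exit stub as test.c; here it is only located, never run. */
char shellcode[] = "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80";

/* Constructed sample in /proc/<pid>/maps format; addresses are made up. */
const char SAMPLE_MAPS[] =
    "08048000-08049000 r-xp 00000000 08:01 1234 /home/user/test\n"
    "08049000-0804a000 rw-p 00000000 08:01 1234 /home/user/test\n"
    "bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]\n";

/* Returns 1 if addr lies in an executable mapping, 0 if it is mapped but
 * not executable, -1 if no mapping listed in `maps` contains it. */
int is_executable(const char *maps, unsigned long addr)
{
    for (const char *line = maps; line && *line; ) {
        unsigned long start, end;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            strlen(perms) == 4 && addr >= start && addr < end)
            return perms[2] == 'x';      /* third flag of "rwxp" */
        line = strchr(line, '\n');       /* advance to the next mapping */
        if (line) line++;
    }
    return -1;
}

/* Live check on Linux: compare the data array with a real function. */
int main(void)
{
    static char live[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(live, 1, sizeof live - 1, f) : 0;
    if (f) fclose(f);
    live[n] = '\0';
    printf("shellcode[] executable: %d\n", is_executable(live, (unsigned long)shellcode));
    printf("code executable:        %d\n", is_executable(live, (unsigned long)is_executable));
    return 0;
}
```

A result of 0 for `shellcode[]` means the array sits in a non-executable mapping, so returning into it raises a fault rather than running the bytes.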
     
  2. lionaneesh

    Thanks for accepting. 2 more in the queue...
     
