Go4Expert


lionaneesh 9Feb2011 19:10

How to test Shell-Codes
 
This is a continuation of Shell-coding basics. I suggest glancing over it before you start reading this.

Testing



We'll be using a simple C program to accomplish our task.

test.c
Code:

// No #include <stdio.h>: we use no C library functions, just basic pointer logic.

char shellcode[] = "";

int main()
{
        int *ret; // a local pointer; its own stack address is our reference point
        ret = (int *)&ret + 2; // point ret two ints above itself, where main's saved return address is expected (layout depends on the compiler)
        (*ret) = (int)shellcode; // overwrite the return address with the shellcode's address, so main returns straight into our shellcode
}

Note: In this article we'll be using the exit shell-code we made in the previous article. However, this program can be used to test any shell-code.

This is the basic skeleton of the program. Check the comments; it's quite self-explanatory.

Now let's have a look at our objdump output:

Code:

aneesh@aneesh-laptop:~/articles/ASM$ objdump -d shell

shell:    file format elf32-i386


Disassembly of section .text:

08048060 <_start>:
 8048060:        31 c0                        xor    %eax,%eax
 8048062:        b0 01                        mov    $0x1,%al
 8048064:        31 db                        xor    %ebx,%ebx
 8048066:        b3 07                        mov    $0x7,%bl
 8048068:        cd 80                        int    $0x80

I explained the construction in the previous tutorial and will not repeat it here.

So our set of opcodes will be:

Code:

\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80

A basic 10-byte exit shell-code.

Let's add it to 'test.c' and test it:

Code:

// No #include <stdio.h>: we use no C library functions, just basic pointer logic.

char shellcode[] = "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80";

int main()
{
        int *ret; // a local pointer; its own stack address is our reference point
        ret = (int *)&ret + 2; // point ret two ints above itself, where main's saved return address is expected (layout depends on the compiler)
        (*ret) = (int)shellcode; // overwrite the return address so main returns into the shellcode (the int cast assumes a 32-bit build)
}

Compiling

Code:

aneesh@aneesh-laptop:~/articles/C$ gcc test.c -o test -fno-stack-protector

Running


Code:

aneesh@aneesh-laptop:~/articles/C$ ./test
aneesh@aneesh-laptop:~/articles/C$

OK, that's a successful exit.

Now let's verify that by checking the exit status:

Code:

aneesh@aneesh-laptop:~/articles/ASM$ echo $?
7

Stay tuned for more...
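
Added example, not part of the original article: a static walk over the same 10 bytes that models only the three instruction encodings in the objdump listing and reports the register state at `int $0x80`, showing without executing anything why the exit status is 7 (on i386 Linux, syscall number 1 is exit and ebx carries the status). The names `trace` and `trace_shellcode` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* The 10 opcode bytes from the objdump listing in the article. */
static const unsigned char shellcode[] =
    "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80";

struct trace {          /* hypothetical helper: state at the first `int` */
    int ok;             /* 1 if the walk reached an `int` instruction */
    uint8_t vector;     /* interrupt vector; 0x80 is the i386 Linux syscall gate */
    uint32_t eax, ebx;  /* syscall number and first argument */
};

/* Walk the bytes without executing them. Only the three encodings in the
 * listing are modelled; anything else stops the walk with ok = 0.
 *   31 /r    xor r/m32,r32  (a register with itself only: zeroes it)
 *   b0+r ib  mov r8,imm8    (al, cl, dl, bl only)
 *   cd ib    int imm8 */
struct trace trace_shellcode(const unsigned char *p, size_t n)
{
    /* eax, ecx, edx, ebx hold an arbitrary marker until the code sets them. */
    uint32_t reg[4] = { 0xdeadbeef, 0xdeadbeef, 0xdeadbeef, 0xdeadbeef };
    struct trace t = { 0, 0, 0, 0 };
    /* Every modelled instruction is two bytes: opcode, then operand. */
    for (size_t i = 0; i + 1 < n; i += 2) {
        uint8_t op = p[i], arg = p[i + 1];
        if (op == 0x31 && (arg & 0xc0) == 0xc0 &&
            ((arg >> 3) & 7) == (arg & 7) && (arg & 7) < 4) {
            reg[arg & 7] = 0;
        } else if (op >= 0xb0 && op <= 0xb3) {
            reg[op - 0xb0] = (reg[op - 0xb0] & 0xffffff00u) | arg;
        } else if (op == 0xcd) {
            t.ok = 1; t.vector = arg; t.eax = reg[0]; t.ebx = reg[3];
            return t;
        } else {
            return t;   /* unsupported encoding: refuse to guess */
        }
    }
    return t;
}

int main(void)
{
    struct trace t = trace_shellcode(shellcode, sizeof shellcode - 1);
    if (t.ok && t.vector == 0x80 && t.eax == 1)  /* 1 = exit on i386 Linux */
        return printf("exit(%u)\n", (unsigned)t.ebx) < 0;
    puts("not a plain exit stub");
    return 1;
}
```

Without the two xor instructions the upper three bytes of eax and ebx keep whatever they held before, which the walker makes visible through its 0xdeadbeef marker.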

lionaneesh 11Feb2011 09:32

Re: How to test Shell-Codes
 
Thanks for accepting. 2 more in the queue...

