How to test Shell-Codes

Discussion in 'C' started by lionaneesh, Feb 9, 2011.

  1. lionaneesh

    lionaneesh Active Member

    Joined:
    Mar 21, 2010
    Messages:
    848
    Likes Received:
    224
    Trophy Points:
    43
    Occupation:
    Student
    Location:
    India
    Continuation of Shell-coding basics..I suggest a glance over it before you start reading this..

    Testing



    We'll be using a simple C program to accomplish our task.

    test.c
    Code:
    // #include<stdio.h> we will not be needing this as we are not using any functions from the C library...Just basic logic of Pointers.. 

char shellcode[] = ""; 

int main() 
{	 
	int *ret; // a simple integer pointer pointing a address 
	ret = (int *)&ret + 2; // change the address pointed by 
	(*ret) = (int)shellcode; // change the return pointer to the shellcode .. so we'll be jumping to our shellcode right away
}
    Note : In this article we'll be using the exit shell-code we made in the previous article...However this program can be used to test any shell-code..

    This is the basic skeleton of the program...Check the comments...Its quite self-explanatory...

    Now lets have a look on our obdump :-

    Code:
    aneesh@aneesh-laptop:~/articles/ASM$ objdump -d shell 

shell:     file format elf32-i386 


Disassembly of section .text: 

08048060 <_start>: 
 8048060:	31 c0                	xor    %eax,%eax 
 8048062:	b0 01                	mov    $0x1,%al 
 8048064:	31 db                	xor    %ebx,%ebx 
 8048066:	b3 07                	mov    $0x7,%bl 
 8048068:	cd 80                	int    $0x80
    I explained the construction in the previous tutorial and would not be repeating it..

    So out set of opcodes will be :-

    Code:
    \x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80
    A basic 10 byte exit shell-code..

    Lets add it to 'test.c' test it

    Code:
    // #include<stdio.h> we will not be needing this as we are not using any functions from the C library...Just basic logic of Pointers.. 

char shellcode[] = "\x31\xc0\xb0\x01\x31\xdb\xb3\x07\xcd\x80"; 

int main() 
{	 
	int *ret; // a simple integer pointer pointing a address 
	ret = (int *)&ret + 2; // change the address pointed by 
	(*ret) = (int)shellcode; 
}
    Compiling

    Code:
    aneesh@aneesh-laptop:~/articles/C$ gcc test.c -o test -fno-stack-protector

    Running

    Code:
    aneesh@aneesh-laptop:~/articles/C$ ./test 
aneesh@aneesh-laptop:~/articles/C$
    Ok... Thats a successful exit...

    Now lets verify that by knowing our exit status

    Code:
    aneesh@aneesh-laptop:~/articles/ASM$ echo $? 
7
    Stay tuned for more...
     
    lionaneesh, Feb 9, 2011
    SHARE #1
  2. lionaneesh

    lionaneesh Active Member

    Joined:
    Mar 21, 2010
    Messages:
    848
    Likes Received:
    224
    Trophy Points:
    43
    Occupation:
    Student
    Location:
    India
    Thanks.. For accepting.. 2 more in the queue...
     
    lionaneesh, Feb 11, 2011
    SHARE #2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice