;hello.asm
; Writes the 5-byte string 'hello' to stdout with the write(2) syscall and then
; calls exit(2). The code uses only relative jumps/calls: the string is placed
; right after a CALL, so its address is left on the stack and recovered with POP.
; Byte-sized moves (mov al/bl/dl) keep zero bytes out of the encoding.
[SECTION .text]
global _start
_start:
    jmp short ender

starter:
    xor eax, eax            ;clean up the registers
    xor ebx, ebx
    xor edx, edx
    xor ecx, ecx            ;redundant: ecx is overwritten by the pop below
    mov al, 4               ;syscall write
    mov bl, 1               ;stdout is 1
    pop ecx                 ;get the address of the string from the stack
    mov dl, 5               ;length of the string (must match the db below)
    int 0x80
    xor eax, eax
    mov al, 1               ;exit the shellcode
    xor ebx,ebx             ;exit status 0
    int 0x80

ender:
    call starter            ;put the address of the string on the stack
    db 'hello'
$ nasm -f elf hello.asm
$ ld -o hello hello.o
$ objdump -d ./PROGRAM|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'

where `./PROGRAM` is the linked binary (`./hello` above). Or, equivalently, with the Python script below:
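from subprocess import Popen, PIPE
import re
import sys

# One byte as objdump prints it in the opcode column: exactly two hex digits.
_HEX_BYTE = re.compile(r'^[0-9a-fA-F]{2}$')


def _bytes_from_disassembly(text):
    """Collect the opcode bytes from ``objdump -d`` text as a ``'\\x..'`` string.

    A line is read only when it has at least two tab-separated columns and the
    first column ends with ':' (an address); every token taken from the second
    column must be a two-digit hex byte.  Requiring only two columns (rather
    than three) keeps the continuation lines objdump emits for instructions
    longer than its per-line width, which carry an address and bytes but no
    mnemonic; file/section headers and symbol labels contain no tab and are
    skipped.
    """
    parts = []
    for line in text.splitlines():
        cols = line.split('\t')
        if len(cols) < 2 or not cols[0].strip().endswith(':'):
            continue
        for tok in cols[1].split(' '):
            if tok and _HEX_BYTE.match(tok):
                parts.append('\\x%s' % tok)
    return ''.join(parts)


def shellcode_from_objdump(obj):
    """Disassemble *obj* with objdump and return its bytes as a ``'\\x..'`` string.

    Args:
        obj: path of the object file handed to ``objdump -d`` (passed as a
            single argv element, no shell involved).

    Returns:
        The opcode bytes in disassembly order, e.g. ``'\\x31\\xc0...'``; the
        empty string if the output contained no instruction lines.

    Raises:
        ValueError: objdump exited non-zero; the message is its stderr text.
        OSError: objdump could not be started (not installed / not on PATH).
    """
    # universal_newlines makes communicate() return text on Python 3 as well
    # as Python 2, so the tab/space parsing works on both.
    p = Popen(['objdump', '-d', obj], stdout=PIPE, stderr=PIPE,
              universal_newlines=True)
    stdoutdata, stderrdata = p.communicate()
    if p.returncode != 0:
        raise ValueError(stderrdata)
    return _bytes_from_disassembly(stdoutdata)


if __name__ == '__main__':
    if len(sys.argv) < 2:
        print('Usage: %s <obj_file>' % sys.argv[0])
        sys.exit(2)
    print('Shellcode for %s:' % sys.argv[1])
    print(shellcode_from_objdump(sys.argv[1]))
    sys.exit(0)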