C 언어/0x08-shellcode

[c lang ] : read and execute shellcode from a File

by SpeeDr00t 2023. 1. 18.

■ 사용법

sudo apt install nasm

; shell.asm - small x86-64 Linux sample used as input for the C loader on this page.
; Layout: `jmp folder` skips to a `call main` placed directly before the data, so the
; return address pushed by that call is the address of fname; `pop rdi` then
; retrieves it. This lets the code locate its own data without absolute addresses.
section .text
global _start
_start:
jmp folder          ; go to the call that sits just before fname
main:
xor rax,rax         ; rax = 0
pop rdi             ; rdi = return address pushed by `call main`, i.e. address of fname
mov si,0x1ef        ; writes only the low 16 bits of rsi: 0x1ef (0757 octal); upper bits keep their prior value
add al,83           ; rax = 83, the mkdir syscall number on x86-64 Linux (rdi = path, rsi = mode)
syscall
xor rax,rax         ; discard the syscall's return value
add al,60           ; rax = 60, the exit syscall number on x86-64 Linux
syscall             ; rdi is not reloaded, so the exit status is whatever rdi still holds
folder:
call main           ; pushes the address of the next byte (fname) and jumps back to main
; NOTE(review): no terminating 0 byte is emitted after the string, so the path the
; kernel reads ends wherever the next zero byte happens to be in memory.
fname db "test111"
# Assemble shell.asm into a 64-bit ELF object file.
nasm -f elf64 shell.asm -o shell.o
# Link the object into a standalone executable named "shell".
ld shell.o -o shell
# Run it: the program issues the mkdir syscall with the fname path, then exits.
./shell
# Disassemble the linked binary to inspect the encoded instructions.
objdump -d shell
# Take the hex-byte column of each disassembly line and print every byte as a
# \xNN escape; this is the text format the C loader's fscanf loop parses.
for i in $(objdump -d shell | grep "^ " | cut -f 2); do echo -n \\x$i; done
# Output of the loop above:
\xeb\x13\x48\x31\xc0\x5f\x66\xbe\xef\x01\x04\x53\x0f\x05\x48\x31\xc0\x04\x3c\x0f\x05\xe8\xe8\xff\xff\xff\x74\x65\x73\x74\x31\x31\x31
# Same extraction without the \x prefix, giving a plain hex string.
for i in $(objdump -d shell | grep "^ " | cut -f 2); do echo -n $i; done
# Output of the loop above:
eb134831c05f66beef0104530f054831c0043c0f05e8e8ffffff74657374313131
//
// gcc -o shellcode_type3 shellcode_type3.c -m64
//
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <unistd.h>
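/*
 * Tutorial loader: reads a text file made of "\xNN" escapes, decodes it into a
 * page-aligned heap buffer, marks that buffer executable and calls it.
 *
 * Security note: whatever bytes the file decodes to are executed with this
 * process's privileges; nothing in this program validates them.
 *
 * argv[1] - path of the text file holding the "\xNN" sequence.
 *
 * Returns 0 for the usage / missing-file paths (as the original did) and
 * EXIT_FAILURE when opening, sizing, allocating, decoding or mprotect fails.
 */
int main(int argc, char **argv)
{
    if (argc < 2) {
        printf("[-] usage : \n");
        printf("%s path \n", argv[0]);
        printf("%s shellcode.bin \n", argv[0]);
        return 0;
    }

    printf("[+] shllcode flle path = %s\n", argv[1]);

    if (access(argv[1], F_OK) == -1) {
        printf("[-] there are no file in the path \n");
        return 0;
    }

    /* access() only proves the name existed a moment ago; the open can still
     * fail (permissions, race with removal), so check it before using the
     * stream. */
    FILE *file = fopen(argv[1], "r");
    if (file == NULL) {
        perror("[-] fopen");
        return EXIT_FAILURE;
    }

    struct stat st;
    if (fstat(fileno(file), &st) == -1) {
        perror("[-] fstat");
        fclose(file);
        return EXIT_FAILURE;
    }
    if (st.st_size <= 0) {
        printf("[-] input file is empty\n");
        fclose(file);
        return EXIT_FAILURE;
    }

    /* The decoded bytes are always fewer than the text that encodes them, so
     * the file size is a safe upper bound for the buffer. valloc() returns
     * page-aligned memory, which mprotect() requires. */
    size_t capacity = (size_t)st.st_size;
    unsigned char *buf = valloc(capacity);
    if (buf == NULL) {
        perror("[-] valloc");
        fclose(file);
        return EXIT_FAILURE;
    }

    /* %x stores through an unsigned int pointer; decode into one and narrow
     * explicitly. The capacity check keeps writes inside the allocation even
     * if the file grows after fstat(). */
    size_t length = 0;
    unsigned int v = 0;
    while (length < capacity && fscanf(file, "\\x%02x", &v) == 1) {
        buf[length++] = (unsigned char)v;
    }
    fclose(file);

    if (length == 0) {
        /* Nothing matched the \xNN format: do not jump into an
         * uninitialised buffer. */
        printf("[-] no \\xNN bytes decoded from input\n");
        free(buf);
        return EXIT_FAILURE;
    }

    /* mprotect() works on whole pages, so every page touched by
     * [buf, buf + length) changes protection.
     * NOTE(review): PROT_EXEC alone removes read and write access; whether
     * the page stays readable is architecture-dependent. */
    if (mprotect(buf, length, PROT_EXEC) == -1) {
        perror("[-] mprotect");
        return EXIT_FAILURE;
    }

    /* buf is intentionally not freed afterwards: the allocator would write to
     * a page that is no longer writable. The process exits right after. */
    int (*ret)(void) = (int (*)(void))buf;
    ret();
    return 0;
}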

https://youtu.be/o02PPfknuP4

 
