C 언어/0x08-shellcode

[c lang ] : shellcode 작성 ][test111 폴더 생성하기

by SpeeDr00t 2019. 9. 4.

c lang : shellcode 작성 ][test111 폴더 생성하기

■ 사용법

sudo apt install nasm

; shell.asm - position-independent x86-64 Linux code that issues
; mkdir("test111", 0x1ef) followed by exit.
; The path string sits after the code and its address is recovered with the
; jmp / call / pop sequence, so no absolute address is encoded.
section .text
global _start
_start:
jmp folder          ; go to the call that sits directly in front of the string
main:
xor rax,rax         ; rax = 0
pop rdi             ; rdi = return address pushed by `call main`, i.e. the address of fname
mov si,0x1ef        ; mode 0x1ef = octal 0757 (world-writable unless the umask strips it); only the low 16 bits of rsi are set
add al,83           ; rax = 83 = mkdir on x86-64 Linux
syscall             ; mkdir(fname, mode); the result in rax is not checked
xor rax,rax         ; discard the mkdir return value
add al,60           ; rax = 60 = exit
syscall             ; rdi still holds the fname address, so the exit status is its low byte
folder:
call main           ; pushes the address of the following byte (fname) and jumps back to main
; NOTE(review): db emits the 7 characters only, with no terminating 0 byte.
; mkdir reads the path up to the first 0 byte, so the directory name is
; "test111" only when the byte that follows in memory is 0 - confirm this
; wherever these bytes get loaded.
fname db "test111"
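# shell.asm.sh: assemble, link and run the standalone binary.
# The steps are chained with && so that a failed assemble or link never
# falls through to running a stale ./shell left over from an earlier build.
nasm -f elf64 shell.asm -o shell.o &&
ld shell.o -o shell &&
./shell   # creates ./test111 in the current directory and exits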
# shell.sh: extract the instruction bytes from the linked binary.
# The two long hex lines below are the OUTPUT of the loops, not commands.

# Full disassembly, to check the bytes against the assembly listing.
objdump -d shell
# grep "^ " keeps only the disassembly lines, cut -f 2 keeps the tab-separated
# byte column, and each byte is printed as a \xNN escape for a C string.
for i in $(objdump -d shell | grep "^ " | cut -f 2); do echo -n \\x$i; done
# Output: 33 bytes, none of them \x00; the last 7 are the ASCII text "test111".
\xeb\x13\x48\x31\xc0\x5f\x66\xbe\xef\x01\x04\x53\x0f\x05\x48\x31\xc0\x04\x3c\x0f\x05\xe8\xe8\xff\xff\xff\x74\x65\x73\x74\x31\x31\x31
# Same extraction, printed as plain hex without the \x prefix.
for i in $(objdump -d shell | grep "^ " | cut -f 2); do echo -n $i; done
# Output:
eb134831c05f66beef0104530f054831c0043c0f05e8e8ffffff74657374313131
//
// gcc -o test test.c -m64
//
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/*
 * Machine code assembled from shell.asm, one string fragment per instruction.
 * Adjacent literals are concatenated by the compiler, so the array holds the
 * same 33 bytes plus the literal's terminating NUL (sizeof == 34).
 */
unsigned char shellcode[] =
    "\xeb\x13"                      /* jmp   folder             */
    "\x48\x31\xc0"                  /* xor   rax,rax            */
    "\x5f"                          /* pop   rdi                */
    "\x66\xbe\xef\x01"              /* mov   si,0x1ef           */
    "\x04\x53"                      /* add   al,83   (mkdir)    */
    "\x0f\x05"                      /* syscall                  */
    "\x48\x31\xc0"                  /* xor   rax,rax            */
    "\x04\x3c"                      /* add   al,60   (exit)     */
    "\x0f\x05"                      /* syscall                  */
    "\xe8\xe8\xff\xff\xff"          /* call  main               */
    "\x74\x65\x73\x74\x31\x31\x31"; /* "test111"                */
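/*
 * test.c harness: writes the bytes of `shellcode` to a temporary file, maps
 * that file read+execute and calls the mapping as a function.
 *
 * /tmp is world-writable, so the file is created with O_CREAT|O_EXCL and
 * mode 0600. If "/tmp/. " already exists (a regular file or a symlink made
 * by anyone), open() fails with EEXIST instead of mapping executable a file
 * that somebody else may control. The name is unlinked right after creation,
 * so no temp file is left behind; the mapping then appears with a
 * "(deleted)" suffix in /proc/<pid>/maps.
 *
 * mmap() with PROT_EXEC fails (EPERM on Linux) when /tmp is mounted noexec.
 *
 * Returns 0 if the called code returns; exits with status 1 through
 * err()/errx() when any setup step fails.
 */
int
main(void)
{
    static const char path[] = "/tmp/. ";
    /* sizeof counts the literal's trailing NUL, hence the -1. Unlike strlen()
     * the result stays correct if the byte string ever contains 0x00. */
    const size_t len = sizeof shellcode - 1;
    void (*p)(void);
    void *map;
    ssize_t n;
    int fd;

    /* %zu is the conversion for size_t; %d with a size_t argument is
     * undefined behaviour on LP64 targets. */
    printf("Lenght: %zu\n", len);

    fd = open(path, O_RDWR|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR);
    if (fd < 0) {
        err(1, "open");
    }
    if (unlink(path) < 0) {
        err(1, "unlink");
    }

    /* A failed or partial write would leave the mapping short of code. */
    n = write(fd, shellcode, len);
    if (n < 0) {
        err(1, "write");
    }
    if ((size_t)n != len) {
        errx(1, "short write");
    }

    /* The offset is passed to mmap() explicitly, so the file position left
     * by write() does not matter. */
    map = mmap(NULL, len, PROT_READ|PROT_EXEC, MAP_SHARED, fd, 0);
    if (map == MAP_FAILED) {
        err(1, "mmap");
    }
    close(fd); /* the mapping stays valid after the descriptor is closed */

    p = (void (*)(void))map;
    p();
    /* NOTE(review): if the mapped code terminates the process itself,
     * nothing below this point runs. */
    printf("succ");
    return 0;
}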
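# test.sh: build the harness. -Wall -Wextra make the compiler report
# printf format/argument mismatches and pointer-signedness mismatches in test.c.
gcc -Wall -Wextra -o test test.c -m64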

https://speedr00t.tistory.com/596 

 


 

https://youtu.be/fXuPe3mJuso

 
