Writing Shellcode test Tools

Unknowingly, Shellcode has been an essential step in the process of successful attack, and subsequent articles will continue to describe how to write other types of shellcode. Until now, every time you finish Shellcode assembly code, you need to find the code to test before (or rewrite) the buffer overflow vulnerability, while constantly aligning the EIP with the ESP address. This is very inconvenient for testing the correctness of shellcode, and it is difficult to debug. To this end, we first write shellcode test tools, convenient to test the Shellcode, so-called sharpening does not mistake wood work.

shellcode Test Tool sctestWe named the tool Sctest, which is the abbreviation for Shell Code test. command usage: sctest <shellcode binary file >
the implementation of this program is simple:
1) Read Shellcode binary read to memory2) Load the Shellcode memory property into an executable3) Jump to the Shellcode execution
The code is as follows:

#include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <stdio.h> #include <sys/mman.h> #include <errno.h> #include <unistd.h> #include <stdlib.h>char code[4096] __    ATTRIBUTE__ ((aligned (4096))); int main (int argc, const char *argv[]) {int FD;    int ret;    void (*func) (void);        if (argc! = 2) {fprintf (stderr, "\n\tusage:sctest <shellcode>\n\n");    return 1;    } FD = open (argv[1], o_rdonly);        if (!FD) {fprintf (stderr, "Unable open file%s, Err =%d (%m) \ n", argv[1], errno);    return 2;    } ret = Read (FD, code, sizeof (code));        if (Ret < 0) {fprintf (stderr, "Unable read file%s, Err =%d (%m) \ n", argv[1], errno);    return 3;    } ret = Mprotect (code, sizeof (code), prot_exec);        if (Ret < 0) {fprintf (stderr, "unable mprotect, err =%d (%m) \ n", errno);    return 4;    }/* Execute Shell code */func = (void (*) (void)) code;    Func ();    Abort ();} 

compilingSo far , the shellcode environment is a 32-bit application, involving 64-bit applications later, and because the same program cannot mix 32 and 64-bit instructions, you need to compile two tools (32-bit and 64-bit)
$ gcc-wall-g-O sctest32 sctest.c-m32
$ gcc-wall-g-O sctest sctest.c

test the previous shellcode
in the previous article, we described how to write a local shellcode and test it with the Sctest32 tool:
current bash's PID
$ echo $$
2180
Test Shellcode
[Email protected]:~/exploit/tools$./sctest32. /shell2
PID of SH after running Shellcode
$ echo $$
3178

two PID different, indicating that Shell2 successfully launched a new SH
in the following shellcode introduction, we will use the Sctest32/sctest tool for independent testing without relying on the vulnerability code.

Writing Shellcode test Tools