Writing a Shellcode Test Tool

Source: Internet
Author: User

Almost without our noticing, shellcode has become an essential step in a successful attack, and later articles will continue to describe how to write other types of shellcode. Until now, every time we finished a piece of shellcode assembly, we had to find (or rewrite) code with a buffer overflow vulnerability to test it against, while repeatedly aligning EIP with the ESP address. That makes it inconvenient to check whether the shellcode is correct, and difficult to debug. So we first write a shellcode test tool to make testing convenient; as the saying goes, sharpening the axe does not delay the woodcutting.


The shellcode test tool sctest

We named the tool sctest, short for "shellcode test". Command usage: sctest <shellcode binary file>

The implementation of this program is simple:
1) Read the shellcode binary into memory
2) Change the protection of the memory holding the shellcode to executable
3) Jump to the shellcode and execute it

The code is as follows:


#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <errno.h>
#include <unistd.h>
#include <stdlib.h>

/* Page-aligned buffer, so that mprotect() can be applied to it */
char code[4096] __attribute__((aligned(4096)));

int main(int argc, const char *argv[])
{
    int fd;
    int ret;
    void (*func)(void);

    if (argc != 2) {
        fprintf(stderr, "\n\tusage: sctest <shellcode>\n\n");
        return 1;
    }

    /* 1) Read the shellcode binary into memory */
    fd = open(argv[1], O_RDONLY);
    if (fd < 0) {   /* open() returns -1 on failure, not 0 */
        fprintf(stderr, "Unable open file %s, err = %d (%m)\n", argv[1], errno);
        return 2;
    }

    ret = read(fd, code, sizeof(code));
    if (ret < 0) {
        fprintf(stderr, "Unable read file %s, err = %d (%m)\n", argv[1], errno);
        return 3;
    }

    /* 2) Mark the buffer executable */
    ret = mprotect(code, sizeof(code), PROT_EXEC);
    if (ret < 0) {
        fprintf(stderr, "Unable mprotect, err = %d (%m)\n", errno);
        return 4;
    }

    /* 3) Execute shell code */
    func = (void (*)(void))code;
    func();

    /* Only reached if the shellcode returns */
    abort();
}


Compiling

So far the shellcode environment has been a 32-bit application; 64-bit applications will be covered later. Because the same program cannot mix 32-bit and 64-bit instructions, the tool has to be compiled twice (32-bit and 64-bit):
$ gcc -Wall -g -o sctest32 sctest.c -m32
$ gcc -Wall -g -o sctest sctest.c

Testing the previous shellcode

In the previous article we described how to write a local shellcode. Here we test it with the sctest32 tool.

PID of the current bash:
$ echo $$
2180

Test the shellcode:
~/exploit/tools$ ./sctest32 ./shell2

PID of sh after running the shellcode:
$ echo $$
3178

The two PIDs are different, which shows that shell2 successfully launched a new sh.

In the shellcode articles that follow, we will use the sctest32/sctest tools for independent testing, without relying on vulnerable code.
