Revision as of 01:12, 2 December 2012

Shellcodecs is a collection of shellcodes, loaders, sources, and generators designed to ease the exploitation and shellcode programming process.

These shellcodes are provided with documentation located at Shellcode

END USER IS LIABLE FOR THEIR OWN ACTIONS

In order to run these shellcodes, the following dependencies are required:

• Linux
• GCC
• Generators require Python 2.7
• Automake

Shellcodecs is a collection of shellcodes, loaders, sources, and generators designed to ease the exploitation and shellcode programming process.

Unless otherwise noted, code is amd64. There are various intel32 etc examples as well. If you're unaware, amd64 is the main linux tree for 64-bit, so if you have an intel, you should still be ok. If you think you may have an out of date version, or that the official version is out-of-sync with the site, the latest sources will be available 100% of the time in the shellcode appendix.

Contents

Loaders ---

• 32-bit executable mmap-based shellcode loader 66 bytes (loader-32.s) (Docs)
• 64-bit executable mmap-based shellcode loader 79 bytes (loader-64.s) (Docs)
• A dynamic loader for locally executable code in C (dynamic-loader.c)
• A dynamic loader for remotely executable code (socket-loader.c)

Environment ---

       Description:   A 32-bit getpc (%eax) example
       Filename:      getpc-32.s
       Documentation: Docs
       Length:        11 bytes
       Description:   A 64-bit getpc (%rax) example
       Filename:      getpc-64.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Environment#GetPc
       Length:        12 bytes
       Description:   Alternative 64-bit getpc (%rax) example
       Filename:      getpc-64-alt.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Environment#GetPc
       Length:        10 bytes
       Description:   Breakpoint detection code
       Filename:      int3-detect-64.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Environment#int3_breakpoints
       Length:        24 bytes
       Description:   32-bit lastcall example code
       Filename:      lastcall-32.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Environment#32-bit
       Length:        4 bytes
       Description:   64-bit lastcall example
       Filename:      lastcall-64.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Environment#64-bit
       Length:        5 bytes
       Description:   Alphanumeric lastcall
       Filename:      lastcall-alphanum.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Environment#Alphanumeric_2
       Length:        13 bytes

Payloads

Null-free

       Description:   A very short setuid(0); execve('/bin/sh',0,0);
       Filename:      setuid_binsh.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Null-free
       Length:        32 bytes
       Description:   A small write-to-file payload
       Filename:      write-file-32.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Null-free
       Length:        90 bytes

socket-reuse

       Description:   same-socket-shell payload
       Filename:      socket-reuse.s
       Documentation: http://blackhatlibrary.net/Shellcode/Socket-reuse
       Length:        115 bytes
       Description:   sends socket reuse shellcode 
       Filename:      socket-reuse.c

self-modifying

       Description:   32-bit shellcode unpacker
       Filename:      decoder-32.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#The_unpacker
       Length:        89 bytes
       Description:   64-bit decoder (mmap)
       Filename:      decoder.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#The_unpacker
       Length:        102 bytes
       Description:   64-bit decoder
       Filename:      decoder-no-mmap.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#The_unpacker
       Length:        69 bytes
       Description:   32-bit shellcode packer
       Filename:      packer-32.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#32_bit
       Length:        37 bytes
       Description:   64-bit shellcode packer
       Filename:      packer-64.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#64_bit
       Length:        55 bytes

alphanumeric

       Filename:      ascii_binsh.s     
       Description:   alphanumeric execve('/bin/sh',0,0)
       Documentation: http://www.blackhatlibrary.net/Shellcode/Alphanumeric
       Length:        111 bytes
       Filename:      architecture_detection
       Description:   alphanumeric x86* compatible architecture detection stub
       Documentation: http://www.blackhatlibrary.net/Shellcode/Environment
       Length:        15 bytes

dynamic

       Description:   Self-linking exit code
       Filename:      linked-exit.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Dynamic
       Length:        135 bytes
       Description:   Self-linking socket reuse shellcode
       Filename:      linker-fd-reuse.s
       Documentation: http://www.blackhatlibrary.net/Shellcode/Dynamic#The_dynamic_shell
       Length:        268 bytes
       Description:   Self-linking polymorphic socket reuse shellcode
       Filename:      poly-linker-fd-reuse.s
       Documentation: None
       Length:        268 bytes

generators

       Description:   Hash generator for self-linking shellcode 
       Filename:      hash-generator.s
       Documentation: None
       Length:        81 bytes
       Description:   Socket-reuse shellcode generator 
       Filename:      socket-reuse-generator.py
       Documentation: None
       
       Description:   Polymorphic socket reuse generator
       Filename:      poly-socket-reuse-generator.py
       Documentation: None
       
       Description:   Nicely assemble and output shellcode in a variety of formats (raw, hex, and as a C variable) 
       Filename:      shellcode-generator.py
       Documentation: None

Building the code

   * tar xzvf shellcode.tgz
   * cd shellcode
   * make 
   It is also possible to make exclusively x86 or x64 
   binaries using make x86 or make x64.  Please keep in
   mind, there is more support for 64-bit in this 
   package than 32-bit.    

Using the tools

   [loaders]
   [generators]   

Getting help

       Note: We are not your free tech support.
            03:54, 2 December 2012 (MSK)03:54, 2 December 2012 (MSK)03:54, 2 December 2012 (MSK)03:54, 2 December 2012 (MSK)03:54, 2 December 2012 (MSK)~~
          Reminder: Docs are available at 
      http://www.blackhatlibrary.net/shellcode 
  If you're using the tools and there's a problem, try 

re-reading the documentation before asking a question. If you're absolutely sure it is programmatical error and not user error preventing the code from working properly, you can let us know by joining our IRC or talking on the shellcode talk page.

  If you'd like to pay for professional training on the

materials contained in this courseware, please contact our sponsor at www.viralsec.com

Credits

 Lead developer:        Hatter
 Supporting developers: jtRIPper, eax
 Community:   www.blackhatlibrary.net
 Commercial:     www.viralsec.com