Difference between revisions of "Shellcodecs"
(→Contents) |
(→Contents) |
||
Line 30: | Line 30: | ||
<div style="width:600px; overflow:none; border:1px solid black; margin:4px; padding: 3px; border-radius:11px"> | <div style="width:600px; overflow:none; border:1px solid black; margin:4px; padding: 3px; border-radius:11px"> | ||
− | <center>''' | + | <center>'''Stubs'''</center> |
----- | ----- | ||
Line 37: | Line 37: | ||
:* A 64-bit getpc (%rax) example ''12 bytes'' ([[Shellcode/Appendix#getpc-64.s|getpc-64.s]]) ([[Shellcode/Environment#x64|Docs]]) | :* A 64-bit getpc (%rax) example ''12 bytes'' ([[Shellcode/Appendix#getpc-64.s|getpc-64.s]]) ([[Shellcode/Environment#x64|Docs]]) | ||
:* Alternative 64-bit getpc ''10 bytes'' ([[Shellcode/Appendix#getpc-64-alt.s|getpc-64-alt.s]]) ([[Shellcode/Environment#x64|Docs]]) | :* Alternative 64-bit getpc ''10 bytes'' ([[Shellcode/Appendix#getpc-64-alt.s|getpc-64-alt.s]]) ([[Shellcode/Environment#x64|Docs]]) | ||
− | :* | + | :* Int3 detection code ''24 bytes'' ([[Shellcode/Appendix#int3-detect-64.s|int3-detect-64.s]]) ([[Shellcode/Environment#int3_breakpoints|Docs]]) |
:* 32-bit lastcall example code ''4 bytes'' ([[Shellcode/Appendix#lastcall-32.s|lastcall-32.s]]) ([[Shellcode/Environment#Null-free|Docs]]) | :* 32-bit lastcall example code ''4 bytes'' ([[Shellcode/Appendix#lastcall-32.s|lastcall-32.s]]) ([[Shellcode/Environment#Null-free|Docs]]) | ||
:* 64-bit lastcall example code ''5 bytes'' ([[Shellcode/Appendix#lastcall-64.s|lastcall-64.s]]) ([[Shellcode/Environment#Null-free_2|Docs]]) | :* 64-bit lastcall example code ''5 bytes'' ([[Shellcode/Appendix#lastcall-64.s|lastcall-64.s]]) ([[Shellcode/Environment#Null-free_2|Docs]]) | ||
:* 64-bit alphanumeric lastcall example code ''13 bytes'' ([[Shellcode/Appendix#lastcall-alphanum.s|lastcall-alphanum.s]]) ([[Shellcode/Environment#Alphanumeric_2|Docs]]) | :* 64-bit alphanumeric lastcall example code ''13 bytes'' ([[Shellcode/Appendix#lastcall-alphanum.s|lastcall-alphanum.s]]) ([[Shellcode/Environment#Alphanumeric_2|Docs]]) | ||
+ | :* Alphanumeric x86* compatible getCPU ''15 bytes'' ([[Shellcode/Appendix#architecture_detection|architecture_detection]]) ([[Shellcode/Environment#Practically_Applied:_Code|Docs]]) | ||
+ | :* 32-bit shellcode unpacker ''89 bytes'' ([[Shellcode/Appendix#decoder-32.s|decoder-32.s]]) ([[Shellcode/Self-modifying#The_unpacker|Docs]]) | ||
+ | :* 64-bit shellcode unpacker (mmap) ''102 bytes'' ([[Shellcode/Appendix#decoder-64.s|decoder-64.s]]) ([[Shellcode/Self-modifying#The_unpacker|Docs]]) | ||
+ | :* 64-bit shellcode unpacker ''69 bytes'' ([[Shellcode/Appendix#decoder-64.s|decoder-64.s]]) ([[Shellcode/Self-modifying#The_unpacker|Docs]]) | ||
+ | |||
</div> | </div> | ||
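Review bot: The two added 64-bit unpacker entries (the ''102 bytes'' mmap variant and the ''69 bytes'' one) both link to [[Shellcode/Appendix#decoder-64.s|decoder-64.s]], so a reader cannot tell which appendix listing belongs to which size. Give the mmap variant its own anchor and label, or say in the entry that both live under one heading. The added getCPU entry also uses the anchor architecture_detection where every other entry in this list uses a file-name anchor ending in .s, which is worth making consistent.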
Line 72: | Line 77: | ||
----- | ----- | ||
− | |||
− | |||
− | |||
:* 32-bit shellcode packer ''37 bytes'' ([[Shellcode/Appendix#packer-32.s|packer-32.s]]) ([[Shellcode/Self-modifying#32_bit]]) | :* 32-bit shellcode packer ''37 bytes'' ([[Shellcode/Appendix#packer-32.s|packer-32.s]]) ([[Shellcode/Self-modifying#32_bit]]) | ||
:* 64-bit shellcode packer ''55 bytes'' ([[Shellcode/Appendix#packer-64.s|packer-64.s]]) ([[Shellcode/Self-modifying#64_bit]]) | :* 64-bit shellcode packer ''55 bytes'' ([[Shellcode/Appendix#packer-64.s|packer-64.s]]) ([[Shellcode/Self-modifying#64_bit]]) | ||
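Review bot: The two packer entries kept as context in this hunk end in bare links, ([[Shellcode/Self-modifying#32_bit]]) and ([[Shellcode/Self-modifying#64_bit]]), without the |Docs label that the other entries carry, so they render as raw page names. Since the edit already touches the lines directly above them, add the label here as well, for example [[Shellcode/Self-modifying#32_bit|Docs]].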
Line 86: | Line 88: | ||
----- | ----- | ||
:* alphanumeric execve('/bin/sh',0,0) ''104 bytes'' ([[Shellcode/Appendix#ascii_binsh.s|ascii_binsh.s]]) ([[Shellcode/Alphanumeric|Docs]]) | :* alphanumeric execve('/bin/sh',0,0) ''104 bytes'' ([[Shellcode/Appendix#ascii_binsh.s|ascii_binsh.s]]) ([[Shellcode/Alphanumeric|Docs]]) | ||
− | |||
</div> | </div> |
Revision as of 03:05, 2 December 2012
Shellcodecs is a collection of shellcodes, loaders, sources, and generators designed to ease the exploitation and shellcode programming process.
These shellcodes are provided with documentation located at Shellcode.
END USER IS LIABLE FOR THEIR OWN ACTIONS
In order to run these shellcodes, the following dependencies are required:
Unless otherwise noted, the code is amd64. There are various intel32 and other examples as well. If you're unaware, amd64 is the main Linux tree for 64-bit, so if you have an Intel processor, you should still be OK. If you think you may have an out-of-date version, or that the official version is out of sync with the site, the latest sources will be available 100% of the time in the shellcode appendix.
Contents
- 32-bit executable mmap-based shellcode loader 66 bytes (loader-32.s) (Docs)
- 64-bit executable mmap-based shellcode loader 79 bytes (loader-64.s) (Docs)
- A dynamic loader for locally executable code in C (dynamic-loader.c)
- A dynamic loader for remotely executable code (socket-loader.c)
- A 32-bit getpc (%eax) example 11 bytes (getpc-32.s) (Docs)
- A 64-bit getpc (%rax) example 12 bytes (getpc-64.s) (Docs)
- Alternative 64-bit getpc 10 bytes (getpc-64-alt.s) (Docs)
- Int3 detection code 24 bytes (int3-detect-64.s) (Docs)
- 32-bit lastcall example code 4 bytes (lastcall-32.s) (Docs)
- 64-bit lastcall example code 5 bytes (lastcall-64.s) (Docs)
- 64-bit alphanumeric lastcall example code 13 bytes (lastcall-alphanum.s) (Docs)
- Alphanumeric x86* compatible getCPU 15 bytes (architecture_detection) (Docs)
- 32-bit shellcode unpacker 89 bytes (decoder-32.s) (Docs)
- 64-bit shellcode unpacker (mmap) 102 bytes (decoder-64.s) (Docs)
- 64-bit shellcode unpacker 69 bytes (decoder-64.s) (Docs)
- A very short setuid(0); execve('/bin/sh',0,0); 32 bytes (setuid_binsh.s) (Docs)
- A small write-to-file payload 90 bytes (write-file-32.s) (Docs)
- Same-socket-shell payload 115 bytes (socket-reuse.s) (Docs)
- Sends socket reuse shellcode (socket-reuse.c)
- 32-bit shellcode packer 37 bytes (packer-32.s) (Shellcode/Self-modifying#32_bit)
- 64-bit shellcode packer 55 bytes (packer-64.s) (Shellcode/Self-modifying#64_bit)
- Self-linking exit code 135 bytes (linked-exit.s) (Docs)
- Self-linking socket reuse shellcode 268 bytes (linker-fd-reuse.s) (Docs)
- Self-linking polymorphic socket reuse shellcode 268 bytes (poly-linker-fd-reuse.s)
- Hash-generator for self-linking shellcode 81 bytes (hash-generator.s)
- Socket-reuse shellcode generator (socket-reuse-generator.py)
- Polymorphic socket reuse generator (poly-socket-reuse-generator.py)
- Nicely assemble and output shellcode in a variety of formats (raw, hex, and as a C variable) (shellcode-generator.py)
Building the code
- tar xzvf shellcode.tgz
- cd shellcode
- make

It is also possible to build only x86 or x64 binaries using make x86 or make x64. Please keep in mind that there is more support for 64-bit in this package than 32-bit.
Using the tools
[loaders] [generators]
Getting help
Note: We are not your free tech support.

Reminder: Docs are available at http://www.blackhatlibrary.net/shellcode

If you're using the tools and there's a problem, try re-reading the documentation before asking a question. If you're absolutely sure it is a programmatic error and not user error preventing the code from working properly, you can let us know by joining our IRC or talking on the shellcode talk page.
If you'd like to pay for professional training on the materials contained in this courseware, please contact our sponsor at www.viralsec.com
Credits
- Lead developer: Hatter
- Supporting developers: jtRIPper, eax
- Community: www.blackhatlibrary.net
- Commercial: www.viralsec.com