Difference between revisions of "Shellcodecs"
(→Dependencies) |
(→Getting help) |
||
Line 93: | Line 93: | ||
{{Warning|<center>We are not free technical support and reserve the right to revoke support to anyone for any reason at any time.</center>}} | {{Warning|<center>We are not free technical support and reserve the right to revoke support to anyone for any reason at any time.</center>}} | ||
− | If you're using the tools and there's a problem, try re-reading [[shellcode|the documentation]] before asking a question. If you're absolutely sure it is programmatical error and not user error preventing the code from working properly, you can let us know by | + | If you're using the tools and there's a problem, try re-reading [[shellcode|the documentation]] before asking a question. If you're absolutely sure it is programmatical error and not user error preventing the code from working properly, you can let us know by talking on the shellcode talk page. |
=Credits= | =Credits= |
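Review bot: On the added line, "the shellcode talk page" is left as plain text, while "the documentation" in the same sentence group is a wikilink ([[shellcode|the documentation]]); link the talk page the same way so readers can reach it from here. While this paragraph is being touched, "it is programmatical error" would read better as "it is a programmatic error".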
Revision as of 23:38, 24 May 2013
Shellcodecs is a collection of shellcodes, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process.
Dependencies
In order to run these shellcodes, the following dependencies are required:
Unless otherwise noted, code is amd64. There are various 32-bit examples as well. If you think you may have an out-of-date version, or that the official version is out of sync with the site, the latest sources will be available 100% of the time in the shellcode appendix.
Contents
Loaders
- 32-bit executable mmap-based shellcode loader 66 bytes (loader-32.s) (Docs)
- 64-bit executable mmap-based shellcode loader 79 bytes (loader-64.s) (Docs)
- A dynamic loader for locally executable code in C (dynamic-loader.c)
- A dynamic loader for remotely executable code (socket-loader.c)
Tools
- Nicely output shellcode in a variety of formats (shellcode-generator.py)
- Hash-generator for self-linking shellcode 81 bytes (hash-generator.s)
- Socket-reuse shellcode generator (socket-reuse-generator.py)
- Polymorphic socket reuse generator (poly-socket-reuse-generator.py)
- Sends socket reuse shellcode (socket-reuse.c)
- 32-bit shellcode packer 37 bytes (packer-32.s) (Docs)
- 64-bit shellcode packer 55 bytes (packer-64.s) (Docs)
- ELF64 symbol table parser 188 bytes (elf64-parser.s) (Docs)
Payloads
- Short unlinked 64-bit null-free setuid(0); execve('/bin/sh',0,0); 32 bytes (setuid_binsh.s) (Docs)
- Small unlinked 32-bit null-free write-to-file payload 90 bytes (write-file-32.s) (Docs)
- Null-free unlinked same-socket-shell payload 115 bytes (socket-reuse.s) (Docs)
- Alphanumeric amd64 execve('/bin/sh',0,0) 104 bytes (ascii_binsh.s) (Docs)
- Null-free dynamic ELF64 exit code 135 bytes (linked-exit.s) (Docs)
- Null-free dynamic ELF64 socket reuse shellcode 268 bytes (linker-fd-reuse.s) (Docs)
- Null-free polymorphic dynamic ELF64 socket reuse shellcode 268 bytes (poly-linker-fd-reuse.s)
Stubs
- A 32-bit getpc (%eax) example 11 bytes (getpc-32.s) (Docs)
- A 64-bit getpc (%rax) example 12 bytes (getpc-64.s) (Docs)
- Alternative 64-bit getpc 10 bytes (getpc-64-alt.s) (Docs)
- Int3 detection code 24 bytes (int3-detect-64.s) (Docs)
- 32-bit lastcall example code 4 bytes (lastcall-32.s) (Docs)
- 64-bit lastcall example code 5 bytes (lastcall-64.s) (Docs)
- 64-bit alphanumeric lastcall example code 13 bytes (lastcall-alphanum.s) (Docs)
- Alphanumeric x86* compatible getCPU 15 bytes (architecture_detection) (Docs)
- 32-bit shellcode unpacker 89 bytes (decoder-32.s) (Docs)
- 64-bit shellcode unpacker (mmap) 102 bytes (decoder-64.s) (Docs)
- 64-bit shellcode unpacker 69 bytes (decoder-64.s) (Docs)
Building the code
- tar xzvf shellcode.tgz
- cd shellcode
- make
It is also possible to make exclusively x86 or x64 binaries using make x86 or make x64. Please keep in mind, there is more support for 64-bit in this package than 32-bit.
Using the tools
[loaders] [generators]
Getting help
If you're using the tools and there's a problem, try re-reading the documentation before asking a question. If you're absolutely sure it is a programmatic error and not user error preventing the code from working properly, you can let us know by talking on the shellcode talk page.