Shellcodecs
Shellcodecs is a collection of shellcodes, loaders, sources, and generators designed to ease the exploitation and shellcode programming process.
These shellcodes are provided with documentation located at Shellcode
|
END USER IS LIABLE FOR THEIR OWN ACTIONS |
In order to run these shellcodes, the following dependencies are required:
Shellcodecs is a collection of shellcodes, loaders, sources, and generators designed to ease the exploitation and shellcode programming process.
Unless otherwise noted, code is amd64. There are various intel32 etc examples as well. If you're unaware, amd64 is the main linux tree for 64-bit, so if you have an intel, you should still be ok. If you think you may have an out of date version, or that the official version is out-of-sync with the site, the latest sources will be available 100% of the time in the shellcode appendix.
Contents
- 32-bit executable mmap-based shellcode loader 66 bytes (loader-32.s) (Docs)
- 64-bit executable mmap-based shellcode loader 79 bytes (loader-64.s) (Docs)
- A dynamic loader for locally executable code in C (dynamic-loader.c)
- A dynamic loader for remotely executable code (socket-loader.c)
- A 32-bit getpc (%eax) example 11 bytes (getpc-32.s) (Docs)
- A 64-bit getpc (%rax) example 12 bytes (getpc-64.s) (Docs)
- Alternative 64-bit getpc 10 bytes (getpc-64-alt.s) (Docs)
- int3 detection code 24 bytes (int3-detect-64.s) (Docs)
- 32-bit lastcall example code 4 bytes (lastcall-32.s) (Docs)
- 64-bit lastcall example code 5 bytes (lastcall-64.s) (Docs)
- 64-bit alphanumeric lastcall example code 13 bytes (lastcall-alphanum.s) (Docs)
Payloads
Description: A very short setuid(0); execve('/bin/sh',0,0);
Filename: setuid_binsh.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Null-free
Length: 32 bytes
Description: A small write-to-file payload
Filename: write-file-32.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Null-free
Length: 90 bytes
Description: same-socket-shell payload
Filename: socket-reuse.s
Documentation: http://blackhatlibrary.net/Shellcode/Socket-reuse
Length: 115 bytes
Description: sends socket reuse shellcode
Filename: socket-reuse.c
Description: 32-bit shellcode unpacker
Filename: decoder-32.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#The_unpacker
Length: 89 bytes
Description: 64-bit decoder (mmap)
Filename: decoder.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#The_unpacker
Length: 102 bytes
Description: 64-bit decoder
Filename: decoder-no-mmap.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#The_unpacker
Length: 69 bytes
Description: 32-bit shellcode packer
Filename: packer-32.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#32_bit
Length: 37 bytes
Description: 64-bit shellcode packer
Filename: packer-64.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Self-modifying#64_bit
Length: 55 bytes
Filename: ascii_binsh.s
Description: alphanumeric execve('/bin/sh',0,0)
Documentation: http://www.blackhatlibrary.net/Shellcode/Alphanumeric
Length: 111 bytes
Filename: architecture_detection
Description: alphanumeric x86* compatible architecture detection stub
Documentation: http://www.blackhatlibrary.net/Shellcode/Environment
Length: 15 bytes
Description: Self-linking exit code
Filename: linked-exit.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Dynamic
Length: 135 bytes
Description: Self-linking socket reuse shellcode
Filename: linker-fd-reuse.s
Documentation: http://www.blackhatlibrary.net/Shellcode/Dynamic#The_dynamic_shell
Length: 268 bytes
Description: Self-linking polymorphic socket reuse shellcode
Filename: poly-linker-fd-reuse.s
Documentation: None
Length: 268 bytes
Description: Hash generator for self-linking shellcode
Filename: hash-generator.s
Documentation: None
Length: 81 bytes
Description: Socket-reuse shellcode generator
Filename: socket-reuse-generator.py
Documentation: None
Description: Polymorphic socket reuse generator
Filename: poly-socket-reuse-generator.py
Documentation: None
Description: Nicely assemble and output shellcode in a variety of formats (raw, hex, and as a C variable)
Filename: shellcode-generator.py
Documentation: None
Building the code
* tar xzvf shellcode.tgz * cd shellcode * make It is also possible to make exclusively x86 or x64 binaries using make x86 or make x64. Please keep in mind, there is more support for 64-bit in this package than 32-bit.
Using the tools
[loaders] [generators]
Getting help
Note: We are not your free tech support.
03:54, 2 December 2012 (MSK)03:54, 2 December 2012 (MSK)03:54, 2 December 2012 (MSK)03:54, 2 December 2012 (MSK)03:54, 2 December 2012 (MSK)~~
Reminder: Docs are available at
http://www.blackhatlibrary.net/shellcode
If you're using the tools and there's a problem, try
re-reading the documentation before asking a question. If you're absolutely sure it is programmatical error and not user error preventing the code from working properly, you can let us know by joining our IRC or talking on the shellcode talk page.
If you'd like to pay for professional training on the
materials contained in this courseware, please contact our sponsor at www.viralsec.com
Credits
Lead developer: Hatter Supporting developers: jtRIPper, eax Community: www.blackhatlibrary.net Commercial: www.viralsec.com
