
Shellcoding Updated...advanced hacked


SORRY FOR THE COPY/PASTE, BUT I THINK IT'S INTERESTING AND MAYBE IT WILL COME IN HANDY FOR SOMEONE

here are a few things that may be useful to those of you who wish to begin in shellcoding.

firstly, you will want to write shellcode in assembly. disassemble a C++ program, a simple cout << "whatever";

look how many op codes there are, it is a lot.

i use FASM, http://www.flatassembler.net, as i like it.

i have attached the shellcoders handbook as well, it's a good read.

A C program i have found useful in the past for writing shell code is this...its on milw0rm, but here it is.

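#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char shellcode[]=
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xeb\x37\x59\x88\x51\x0a\xbb"
"\x77\x1d\x80\x7c"    //***LoadLibraryA(libraryname) IN WinXP sp2***
"\x51\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x0b\x51\x50\xbb"
"\x28\xac\x80\x7c"   //***GetProcAddress(hmodule,functionname) IN sp2***
"\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x06\x31\xd2\x52\x51"
"\x51\x52\xff\xd0\x31\xd2\x50\xb8\xa2\xca\x81\x7c\xff\xd0\xe8\xc4\xff"
"\xff\xff\x75\x73\x65\x72\x33\x32\x2e\x64\x6c\x6c\x4e\xe8\xc2\xff\xff"
"\xff\x4d\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x41\x4e\xe8\xc2\xff\xff"
"\xff\x4f\x6d\x65\x67\x61\x37\x4e";

/*MessageBox shellcode for Windows xp sp2 */

int main ()
{
int *ret;
/* point at main()'s saved return address (32-bit x86 stack layout, compiler-dependent) */
ret=(int *)&ret+2;
/* strlen() stops at the first 0x00 byte, so the length is only right for NUL-free code */
printf("Shellcode Length is : %d",(int)strlen(shellcode));
/* overwrite the return address so main() returns into the shellcode buffer */
(*ret)=(int)shellcode;
return 0;
}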

simply replace the opcodes with your shellcode, and if it's correct it will execute it for you, and tell you the length.

shellcoders handbook:

http://www.megaupload.com/?d=1AIXFVH (found link at: http://www.tuttoallalettera.com/wpb/...ders-handbook/)

this was just to get this forum rolling a bit, feel free to ask for help or add some more stuff.

stay safe

Update:

this is a perl script that i have also found useful in writing shellcode, it dumps the hex bytes of an exe file.

it makes it so much simpler, rather than having to open up a hexeditor and do it by hand.

you need perl installed, obviously.

again, i advise you compile the app from assembly, because C++ is poo for writing shellcode, for 2 reasons. firstly it's big, and secondly it has a nasty habit of referencing relative addresses in its own app, and those addresses will be useless in any other app, making invalid shellcode.

#
# DumpHex v1.0 | Reed Arvin reedarvin[at]gmail[dot]com
#
# Usage:
# DumpHex.pl <file name>
# DumpHex.pl MyBin.exe
#
############################

use strict;

my($strInputFile) = $ARGV[0];
my($intByteCount) = "";
my($binBytes) = "";
my($intReadLength) = "";

# exactly one argument (the file name) is required
if ($#ARGV != 0)
{
print "DumpHex v1.0 | Reed Arvin reedarvin[at]gmail[dot]com\n";
print "\n";
print "Usage:\n";
print "DumpHex.pl <file name>\n";
print "DumpHex.pl MyBin.exe\n";

exit;
}

# number of input bytes written per output line
$intReadLength = 16;

# three-argument open: the file name is never parsed as an open mode
if (open(INPUTFILE, "<", $strInputFile))
{
open(OUTPUTFILE, ">", "$strInputFile.txt") or die "ERROR! Cannot open file $strInputFile.txt\n";

binmode(INPUTFILE);

$intByteCount = 0;

# read 16 bytes at a time and write them as upper-case hex to <file name>.txt
while (read(INPUTFILE, $binBytes, $intReadLength))
{
 print (OUTPUTFILE uc(unpack("H" . ($intReadLength * 2), $binBytes)), "\n");
}

close(INPUTFILE);
close(OUTPUTFILE);
}
else
{
print "ERROR! Cannot open file $strInputFile";
}

# Written by Reed Arvin reedarvin[at]gmail[dot]com

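Added example, not part of the original post and not code from milw0rm or the handbook: a small C triage scan over the bytes listed in the post that flags hardcoded absolute addresses, such as the two the listing annotates as LoadLibraryA and GetProcAddress on XP SP2, which tie the blob to one OS build. The address window and the names `find_abs_addrs`, `hit_t`, `WIN_LO` and `WIN_HI` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes as listed in the post, with the stripped backslashes restored. */
static const unsigned char blob[] =
    "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xeb\x37\x59\x88\x51\x0a\xbb"
    "\x77\x1d\x80\x7c"
    "\x51\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x0b\x51\x50\xbb"
    "\x28\xac\x80\x7c"
    "\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x06\x31\xd2\x52\x51"
    "\x51\x52\xff\xd0\x31\xd2\x50\xb8\xa2\xca\x81\x7c\xff\xd0\xe8\xc4\xff"
    "\xff\xff\x75\x73\x65\x72\x33\x32\x2e\x64\x6c\x6c\x4e\xe8\xc2\xff\xff"
    "\xff\x4d\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x41\x4e\xe8\xc2\xff\xff"
    "\xff\x4f\x6d\x65\x67\x61\x37\x4e";

/* Assumed window around the two annotated addresses; not a real module size. */
#define WIN_LO 0x7C800000u
#define WIN_HI 0x7C8FFFFFu

typedef struct { size_t off; uint32_t addr; } hit_t;

/* Naive linear scan, not a disassembler: 0xB8..0xBF is "mov r32, imm32".
 * Returns the number of immediates inside [lo, hi]; stores up to max hits. */
static size_t find_abs_addrs(const unsigned char *p, size_t n, uint32_t lo,
                             uint32_t hi, hit_t *out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i + 5 <= n; i++) {
        if (p[i] < 0xB8 || p[i] > 0xBF) continue;
        uint32_t v = (uint32_t)p[i + 1] | (uint32_t)p[i + 2] << 8 |
                     (uint32_t)p[i + 3] << 16 | (uint32_t)p[i + 4] << 24;
        if (v < lo || v > hi) continue;
        if (found < max) { out[found].off = i; out[found].addr = v; }
        found++;
        i += 4; /* skip the little-endian immediate just decoded */
    }
    return found;
}

int main(void)
{
    hit_t h[8];
    size_t n = sizeof blob - 1; /* drop the string literal's trailing NUL */
    size_t c = find_abs_addrs(blob, n, WIN_LO, WIN_HI, h, 8);
    for (size_t i = 0; i < c && i < 8; i++)
        printf("offset %zu: absolute address 0x%08x\n", h[i].off, (unsigned)h[i].addr);
    return 0;
}
```

Because it matches opcode bytes without decoding instructions, the scan can report false positives on other inputs; treat hits as leads to confirm in a disassembler.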
