zbeng Posted May 28, 2006

Sorry for the copy/paste, but I think it's interesting and it might come in handy for someone.

Here are a few things that may be useful to those of you who wish to begin in shellcoding.

Firstly, you will want to write shellcode in assembly. Disassemble a C++ program, a simple cout << "whatever"; look how many opcodes there are, it is a lot. I use FASM, http://www.flatassembler.net, as I like it. I have attached the Shellcoder's Handbook as well, it's a good read.

A C program I have found useful in the past for writing shellcode is this... it's on milw0rm, but here it is.

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    /* MessageBox shellcode for Windows XP SP2 */
    char shellcode[] =
        "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xeb\x37\x59\x88\x51\x0a\xbb"
        "\x77\x1d\x80\x7c"   // ***LoadLibraryA(libraryname) IN WinXP sp2***
        "\x51\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x0b\x51\x50\xbb"
        "\x28\xac\x80\x7c"   // ***GetProcAddress(hmodule,functionname) IN sp2***
        "\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x06\x31\xd2\x52\x51"
        "\x51\x52\xff\xd0\x31\xd2\x50\xb8\xa2\xca\x81\x7c\xff\xd0\xe8\xc4\xff"
        "\xff\xff\x75\x73\x65\x72\x33\x32\x2e\x64\x6c\x6c\x4e\xe8\xc2\xff\xff"
        "\xff\x4d\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x41\x4e\xe8\xc2\xff\xff"
        "\xff\x4f\x6d\x65\x67\x61\x37\x4e";

    int main(void)
    {
        int *ret;

        /* Point at main's saved return address on the stack (32-bit build,
           depends on the compiler's frame layout). */
        ret = (int *)&ret + 2;

        /* strlen() stops at the first 0x00 byte, so a NUL in the buffer
           makes the reported length shorter than the real one. */
        printf("Shellcode Length is : %d\n", (int)strlen(shellcode));

        /* Overwrite the return address with the buffer address; the bytes
           run when main returns. */
        (*ret) = (int)shellcode;
        return 0;
    }

Simply replace the opcodes with your shellcode, and if it's correct it will execute it for you, and tell you the length.

Shellcoder's Handbook: http://www.megaupload.com/?d=1AIXFVH (found link at: http://www.tuttoallalettera.com/wpb/...ders-handbook/)

This was just to get this forum rolling a bit, feel free to ask for help or add some more stuff.

Stay safe

Update:

This is a Perl script that I have also found useful in writing shellcode, it dumps the hex bytes of an exe file. It makes it so much simpler, rather than having to open up a hex editor and do it by hand. You need Perl installed, obviously. Again, I advise you compile the app from assembly, because C++ is poo for writing shellcode, for 2 reasons. Firstly it's big, and secondly it has a nasty habit of referencing relative addresses in its own app, and those addresses will be useless in any other app, making invalid shellcode.

    ##############################
    # DumpHex v1.0 | Reed Arvin reedarvin[at]gmail[dot]com
    #
    # Usage:
    # DumpHex.pl <file name>
    # DumpHex.pl MyBin.exe
    ##############################
    use strict;
    use warnings;

    my ($strInputFile) = $ARGV[0];
    my ($binBytes)     = "";
    my ($intReadLength) = 16;   # bytes per output line

    if ($#ARGV != 0) {
        print "DumpHex v1.0 | Reed Arvin reedarvin[at]gmail[dot]com\n";
        print "\n";
        print "Usage:\n";
        print "DumpHex.pl <file name>\n";
        print "DumpHex.pl MyBin.exe\n";
        exit;
    }

    if (open(INPUTFILE, "< $strInputFile")) {
        # Output goes to <input file>.txt, one line of uppercase hex per 16 bytes.
        open(OUTPUTFILE, "> $strInputFile.txt")
            or die "ERROR! Cannot create file $strInputFile.txt: $!\n";
        binmode(INPUTFILE);

        while (read(INPUTFILE, $binBytes, $intReadLength)) {
            # "H32" unpacks up to 16 bytes as a hex string; a short final
            # read simply yields a shorter line.
            print OUTPUTFILE uc(unpack("H" . ($intReadLength * 2), $binBytes)), "\n";
        }

        close(INPUTFILE);
        close(OUTPUTFILE);
    }
    else {
        print "ERROR! Cannot open file $strInputFile\n";
    }
    # Written by Reed Arvin reedarvin[at]gmail[dot]com
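As an added example that is not part of the post above (nor Reed Arvin's script), here is an analyst-side counterpart to the two tools it quotes: it decodes the C `"\xHH"` string literal back into raw bytes, reports the length the way the C harness would (and flags any 0x00 bytes, which would make `strlen()` under-report it), produces the same 16-bytes-per-line uppercase hex output as DumpHex.pl, and pulls out the printable strings so you can see which DLL and API the blob reaches for without running it. The shellcode bytes are the ones from the post; the function names are my own.

```python
import re
from typing import Dict, List

# The MessageBox shellcode from the post, reproduced as the C string body it
# was given in (only the \xHH escape syntax, no code is executed here).
SHELLCODE_C = (
    r'"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xeb\x37\x59\x88\x51\x0a\xbb"'
    r'"\x77\x1d\x80\x7c"'
    r'"\x51\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x0b\x51\x50\xbb"'
    r'"\x28\xac\x80\x7c"'
    r'"\xff\xd3\xeb\x39\x59\x31\xd2\x88\x51\x06\x31\xd2\x52\x51"'
    r'"\x51\x52\xff\xd0\x31\xd2\x50\xb8\xa2\xca\x81\x7c\xff\xd0\xe8\xc4\xff"'
    r'"\xff\xff\x75\x73\x65\x72\x33\x32\x2e\x64\x6c\x6c\x4e\xe8\xc2\xff\xff"'
    r'"\xff\x4d\x65\x73\x73\x61\x67\x65\x42\x6f\x78\x41\x4e\xe8\xc2\xff\xff"'
    r'"\xff\x4f\x6d\x65\x67\x61\x37\x4e"'
)

_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def parse_c_escapes(literal: str) -> bytes:
    """Decode a C string literal made only of \\xHH escapes into raw bytes.

    Surrounding quotes and whitespace (as pasted from C source) are ignored;
    anything else that is not a \\xHH escape is rejected so a stray character
    cannot silently shift the byte stream.
    """
    body = re.sub(r'[\s"]', "", literal)
    if _ESCAPE.sub("", body):
        raise ValueError("literal contains something other than \\xHH escapes")
    return bytes(int(h, 16) for h in _ESCAPE.findall(body))


def nul_offsets(data: bytes) -> List[int]:
    """Offsets of 0x00 bytes: strlen() in the C harness stops at the first one."""
    return [i for i, b in enumerate(data) if b == 0]


def hex_dump(data: bytes, width: int = 16) -> List[str]:
    """Same output format as DumpHex.pl: `width` bytes per line, uppercase hex,
    no separators; a short final chunk gives a shorter last line."""
    return [data[i:i + width].hex().upper() for i in range(0, len(data), width)]


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Runs of printable ASCII of at least min_len bytes, like the strings(1) tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(literal: str) -> Dict[str, object]:
    """Static summary of a shellcode literal: length, NUL positions, strings, dump."""
    data = parse_c_escapes(literal)
    return {
        "length": len(data),
        "nul_offsets": nul_offsets(data),
        "strings": extract_strings(data, 5),
        "dump": hex_dump(data),
    }


SHELLCODE = parse_c_escapes(SHELLCODE_C)

if __name__ == "__main__":
    report = triage(SHELLCODE_C)
    print("length:", report["length"], "NUL bytes at:", report["nul_offsets"])
    print("strings:", report["strings"])
    for line in report["dump"]:
        print(line)
```

The `strings` output alone tells you most of what the post's comments say: the blob carries "user32.dll" and "MessageBoxA" (each followed by an 'N' placeholder that the code patches to a terminator at run time) and the caption "Omega7", which is the kind of static indicator a detection rule can key on without ever letting the bytes run.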