How to make shellcode 

;hello.asm
[SECTION .text]

global _start


_start:

        jmp short ender

        starter:

        xor eax, eax    ;clean up the registers
        xor ebx, ebx
        xor edx, edx
        xor ecx, ecx

        mov al, 4       ;syscall write
        mov bl, 1       ;stdout is 1
        pop ecx         ;get the address of the string from the stack
        mov dl, 5       ;length of the string
        int 0x80

        xor eax, eax
        mov al, 1       ;exit the shellcode
        xor ebx,ebx
        int 0x80

        ender:
        call starter	;put the address of the string on the stack
        db 'hello'


$ nasm -f elf hello.asm
$ ld -o hello hello.o
$ objdump -d ./PROGRAM|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'

or
           by python
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
from subprocess import Popen, PIPE
import sys
 
def shellcode_from_objdump(obj):
    res = ''
    p = Popen(['objdump', '-d', obj], stdout=PIPE, stderr=PIPE)
    (stdoutdata, stderrdata) = p.communicate()
    if p.returncode == 0:
        for line in stdoutdata.splitlines():
            cols = line.split('\t')
            if len(cols) > 2:
                for b in [b for b in cols[1].split(' ') if b != '']:
                    res = res + ('\\x%s' % b)
    else:
        raise ValueError(stderrdata)
 
    return res
 
 
if __name__ == '__main__':
    if len(sys.argv) < 2:
        print 'Usage: %s <obj_file>' % sys.argv[0]
        sys.exit(2)
    else:
        print 'Shellcode for %s:' % sys.argv[1]
        print shellcode_from_objdump(sys.argv[1])
    sys.exit(0)
 


 






            

            
posted @ 
2012-10-26 20:09 
jeremyatchina 
阅读(260) 
评论(0) 
 
收藏 
举报