
Thread: tool to test RAW shellcode

  1. #1
    Senior Member ShadowMaster's Avatar

    Cool tool to test RAW shellcode

    I found this amazing tool, about ten minutes after I posted this. https://github.com/inquisb/shellcodeexec

    But if you still want my version...

    Here's a cute script to test RAW shellcode for you shellcode writers out there. (There's a reason this is in the experts' section.)
    Currently the script takes two options, each followed by the file that holds the raw bytes: -e loads the file and calls it as a function inside the tester's own process, and -p prints the bytes as a C string of \x escapes.

    Code:
    /*
    Shellcode tester and printer for linux.
    Idea from Buffer overflow attacks.
    Input: raw shellcode in a file
    
    Brought to you by: Shadow-Master
    
    */
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <sys/stat.h>
    #include <unistd.h>
    #include <errno.h>
    
    /* Write msg followed by a newline to stderr, then flush stderr. */
    static void croak(const char *msg) {
            fputs(msg, stderr);
            fputc('\n', stderr);
            fflush(stderr);
    }
    
    /*
     * Print the two supported invocations to stderr and terminate.
     * prgnam is the program name substituted into each line (callers pass argv[0]).
     * Does not return: the process exits with status 1.
     */
    static void usage(const char *prgnam) {
            FILE *out = stderr;

            fprintf(out, "\nCode Execution: %s -e <Code file>\n", prgnam);
            fprintf(out, "Code Printing: %s -p <Code file>\n\n", prgnam);
            fflush(out);
            exit(1);
    }
    
    /*
     * Report a failed call and terminate.
     * perror() prints msg together with the text for the current errno, so this
     * is meant to be called straight after the call that failed.
     * Does not return: the process exits with status 1.
     */
    static void barf(const char *msg) {
            const int status = 1;

            perror(msg);
            exit(status);
    }
    
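    /*
     * Entry point of the tester.
     *
     *   <prog> -e <file>   call the file's bytes as a void(void) function
     *   <prog> -p <file>   print the file's bytes as a C string of \x escapes
     *
     * The whole file is loaded before the options are looked at. With -e the
     * loaded bytes run inside this process, with the privileges of whoever
     * started it; nothing here inspects or restricts them.
     *
     * NOTE(review): the file is always argv[2], as in the usage text. The
     * argument getopt() attaches to -e/-p is not consulted, so an invocation in
     * another shape (for example "-efile other") still operates on argv[2].
     *
     * Returns 0 once the requested action is done; every failure path leaves
     * through usage(), barf() or exit(1).
     */
    int main(int argc, char **argv) {
            enum { BYTES_PER_ROW = 15 };    /* escapes printed per output line */
            FILE *fp;
            void *code;
            const unsigned char *bytes;
            struct stat sbuf;
            size_t flen;
            size_t i;
            int arg;
            int handled = 0;
            void (*fptr)(void);

            if(argc < 3) usage(argv[0]);

            /* Open first and size the open stream: a stat() by name followed by a
               separate fopen() can describe two different files. */
            if(!(fp = fopen(argv[2], "rb"))) barf("Failed to open file.");
            if(fstat(fileno(fp), &sbuf)) barf("Failed to stat file.");

            /* st_size is only a usable length for regular files, and an empty file
               leaves nothing to print or call (malloc(0) may also return NULL). */
            if(!S_ISREG(sbuf.st_mode) || sbuf.st_size <= 0) {
                    croak("Code file must be a non-empty regular file.");
                    exit(1);
            }

            /* off_t can be wider than size_t; refuse a length that does not survive
               the conversion instead of loading a truncated prefix. */
            flen = (size_t) sbuf.st_size;
            if((off_t) flen != sbuf.st_size) {
                    croak("Code file is too large to load.");
                    exit(1);
            }

            if(!(code = malloc(flen))) barf("Failed to grab the required memory.");
            if(fread(code, 1, flen, fp) != flen) barf("Failed to read file.");
            if(fclose(fp)) barf("Failed to close file.");
            bytes = code;

            while((arg = getopt(argc, argv, "e:p:")) != -1) {
                    handled = 1;
                    switch(arg) {
                            case 'e':
                                    croak("Calling Code...");
                                    /* The buffer is plain malloc() memory; where data pages
                                       are mapped non-executable the call below faults
                                       instead of running the bytes. */
                                    fptr = (void (*)(void)) code;
                                    (*fptr)();
                                    break;
                            case 'p':
                                    /* %zu matches size_t; the old %d was handed a long. */
                                    printf("\n/* The following ShellCode is %zu bytes long: */\n", flen);
                                    printf("\nchar shellcode[] =\n");
                                    for(i = 0; i < flen; i++) {
                                            /* Start a new quoted row every BYTES_PER_ROW bytes,
                                               closing the previous row first. */
                                            if(i % BYTES_PER_ROW == 0) {
                                                    if(i) printf("\"\n");
                                                    printf("\t\"");
                                            }
                                            printf("\\x%02x", bytes[i]);
                                    }
                                    printf("\";\n\n\n");
                                    break;
                            default:
                                    usage(argv[0]);
                    }
            }

            /* Arguments without -e or -p used to load the file and exit 0 silently. */
            if(!handled) usage(argv[0]);

            free(code);
            return 0;
    }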

    Windows port, to be compiled with MinGW under Wine:
    Code:
    /*
    Shellcode tester and printer, Windows port (MinGW).
    Idea from Buffer overflow attacks.
    Input: raw shellcode in a file
    
    Brought to you by: Shadow-Master
    
    */
    
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <sys/stat.h>
    #include <errno.h>
    
    /* Emit msg and a trailing newline on stderr, then flush the stream. */
    static void croak(const char *msg) {
            FILE *err = stderr;

            fputs(msg, err);
            putc('\n', err);
            fflush(err);
    }
    
    /*
     * Show both supported command lines on stderr, then exit with status 1.
     * prgnam is substituted as the program name in each line.
     * Never returns to the caller.
     */
    static void usage(const char *prgnam) {
            FILE *err = stderr;

            fprintf(err, "\nCode Execution: %s -e <Code file>\n", prgnam);
            fprintf(err, "Code Printing: %s -p <Code file>\n\n", prgnam);
            fflush(err);
            exit(1);
    }
    
    /*
     * Fatal-error helper: perror() prints msg plus the text for the current
     * errno, after which the process exits with status 1. Never returns.
     */
    static void barf(const char *msg) {
            const int failure = 1;

            perror(msg);
            exit(failure);
    }
    
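    /*
     * Entry point of the Windows port.
     *
     *   <prog> -e <file>   call the file's bytes as a void(void) function
     *   <prog> -p <file>   print the file's bytes as a C string of \x escapes
     *
     * argv[1] selects the mode and argv[2] names the file. With -e the loaded
     * bytes run inside this process, with the privileges of whoever started it;
     * nothing here inspects or restricts them.
     *
     * Returns 0 once the requested action is done; every failure path leaves
     * through usage(), barf() or exit(1).
     */
    int main(int argc, char **argv) {
            enum { BYTES_PER_ROW = 15 };    /* escapes printed per output line */
            FILE *fp;
            void *code;
            const unsigned char *bytes;
            struct stat sbuf;
            long flen;
            long i;
            char mode;
            void (*fptr)(void);

            if(argc < 3) usage(argv[0]);

            /* Accept exactly "-e" or "-p". Reading argv[1][1] unconditionally runs
               past the terminator when argv[1] is an empty string, and treated any
               word whose second character is 'e' or 'p' as an option. */
            if(argv[1][0] != '-' || argv[1][1] == '\0' || argv[1][2] != '\0') usage(argv[0]);
            mode = argv[1][1];
            if(mode != 'e' && mode != 'p') usage(argv[0]);

            if(stat(argv[2], &sbuf)) barf("Failed to stat file.");

            /* Reject an empty file (nothing to print or call, and malloc(0) may
               return NULL) and a size that does not fit in a long. */
            flen = (long) sbuf.st_size;
            if(flen <= 0 || flen != sbuf.st_size) {
                    croak("Code file must be non-empty and small enough to load.");
                    exit(1);
            }

            if(!(code = malloc((size_t) flen))) barf("Failed to grab the required memory.");

            /* The size came from a stat() by name; the length check on fread()
               catches a file that shrank before it was opened. */
            if(!(fp = fopen(argv[2], "rb"))) barf("Failed to open file.");
            if(fread(code, 1, (size_t) flen, fp) != (size_t) flen) barf("Failed to read file.");
            if(fclose(fp)) barf("Failed to close file.");
            bytes = code;

            if(mode == 'e') {
                    croak("Calling Code...");
                    /* The buffer is plain malloc() memory; where data pages are
                       mapped non-executable the call below faults instead of
                       running the bytes. */
                    fptr = (void (*)(void)) code;
                    (*fptr)();
            } else {
                    /* %ld matches the long length; the old %d did not. */
                    printf("\n/* The following ShellCode is %ld bytes long: */\n", flen);
                    printf("\nchar shellcode[] =\n");
                    for(i = 0; i < flen; i++) {
                            /* Start a new quoted row every BYTES_PER_ROW bytes,
                               closing the previous row first. */
                            if(i % BYTES_PER_ROW == 0) {
                                    if(i) printf("\"\n");
                                    printf("\t\"");
                            }
                            printf("\\x%02x", bytes[i]);
                    }
                    printf("\";\n\n\n");
            }

            free(code);
            return 0;
    }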
    If you have any requests or want to add any options feel free.
    Last edited by ShadowMaster; 05-13-2012 at 06:56 PM. Reason: new info
    World Domination is such an ugly phrase. I prefer the term World Optimization.
