@d33tah
Created February 4, 2021 14:31
Shellcode test environment
#include <unistd.h>
#include <sys/mman.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
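/*
 * Test harness: connects to localhost:31338, reads up to PAYLOAD_MAX bytes
 * into an anonymous executable mapping and jumps to them.
 *
 * The bytes that arrive on the socket are executed with this process's
 * privileges and are not authenticated in any way, so this program is only
 * meant to be run inside a throwaway, isolated environment.
 *
 * Returns 1 if the mapping, socket, name lookup, connect or read fails;
 * otherwise control is handed to the received bytes (0 is returned only if
 * they return to the caller).
 */
int main(void)
{
    enum { PAYLOAD_MAX = 1024 };

    /*
     * Readable, writable and executable at the same time, as in the original
     * harness: code under test may write to its own page. Do not copy this
     * mapping pattern into production code, where W^X should hold.
     */
    char *buf = mmap(NULL, PAYLOAD_MAX, PROT_READ | PROT_EXEC | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) {
        perror("mmap");
        return 1;
    }

    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        perror("socket");
        return 1;
    }

    /*
     * Pass the constraints as hints. The original allocated an addrinfo,
     * filled it in and then passed NULL hints, so the allocation was leaked
     * and the lookup was free to return a non-IPv4 address first.
     */
    struct addrinfo hints = { .ai_family = AF_INET, .ai_socktype = SOCK_STREAM };
    struct addrinfo *sa = NULL;
    int gai = getaddrinfo("localhost", "31338", &hints, &sa);
    printf("getaddrinfo=%d\n", gai);
    if (gai != 0 || sa == NULL) {
        /* sa is not valid on failure; dereferencing it would crash. */
        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(gai));
        close(fd);
        return 1;
    }

    int result = connect(fd, sa->ai_addr, sa->ai_addrlen);
    if (result) {
        perror("connect");
        freeaddrinfo(sa);
        close(fd);
        return 1;
    }
    freeaddrinfo(sa);

    /*
     * A single read, as before: the peer is not required to close the
     * connection after sending, so reading until EOF could block forever.
     * Never jump into the buffer when nothing was received.
     */
    ssize_t got = read(fd, buf, PAYLOAD_MAX);
    if (got <= 0) {
        if (got < 0)
            perror("read");
        else
            fprintf(stderr, "read: no payload received\n");
        close(fd);
        return 1;
    }

    /* fd is left open on purpose: the original kept it open across the call. */
    void (*f)(void) = (void (*)(void))buf;
    f();
    return 0;
}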
#!/usr/bin/env python
import socket
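# Serve the assembled payload file 'buf' to every client that connects on
# TCP port 31338, one connection at a time.
with open('buf', 'rb') as payload_file:
    buf = payload_file.read()

s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# Loopback only: the harness connects to "localhost", so there is no reason
# to expose the listener on every interface as '0.0.0.0' did.
s.bind(('127.0.0.1', 31338))
# listen() only needs to be called once, not on every loop iteration.
s.listen()
while True:
    s2, _ = s.accept()
    # Close each connection when done instead of leaking it until the next
    # accept(); sendall() retries on a short write, which send() does not.
    with s2:
        s2.sendall(buf)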
; Minimal test payload: terminates the process with exit status 4, so the
; harness can confirm the received bytes actually ran by checking the exit code.
; The assembled bytes are the fixture, so the instructions are left as written.
bits 64
; eax = 0, then eax = 1; in 64-bit mode a write to eax also clears the upper half of rax.
xor eax, eax
inc eax
; ebx = 4: first argument of the call below, i.e. the exit status.
mov ebx, 4
; int 0x80 enters the Linux 32-bit syscall interface, where number 1 is exit.
; NOTE(review): from a 64-bit process this relies on the kernel having 32-bit
; syscall emulation enabled - confirm for the kernel the container runs on.
int 0x80
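# Shellcode test environment: builds the C harness and the NASM payload, then
# runs the Python server and the harness together and prints the exit code.
# The harness executes whatever bytes it receives, so treat this container as
# disposable and do not give it host mounts or extra privileges.
FROM python:3.8

# Keep the build out of the image root.
WORKDIR /shelltest

# COPY instead of ADD: plain local files need no archive/URL handling.
COPY a.c a.py buf.asm ./

# -y keeps the install non-interactive during the build; the apt lists are
# removed afterwards so they do not bloat the layer.
RUN apt-get update \
 && apt-get install -y --no-install-recommends nasm \
 && rm -rf /var/lib/apt/lists/* \
 && nasm buf.asm \
 && make a

# The payload under test runs with the harness's privileges; drop root first.
USER nobody

# NOTE(review): "sleep 1" is a race against server start-up; a short retry
# loop around the connect would be more reliable on a slow host.
CMD /bin/bash -c 'python3 a.py & sleep 1; ./a ; echo "exit code=$?"'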