Created
November 11, 2016 02:46
-
-
Save levisre/f3e591d299569db949b2e002e0e3eb12 to your computer and use it in GitHub Desktop.
Simple Shellcode Loader coded in C. The shellcode must be in binary form
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| // enable cross compiling | |
| #ifdef __linux__ | |
| #include <sys/mman.h> | |
| #elif _WIN32 || _MINGW_ | |
| #include <windows.h> | |
| #endif | |
| //Declaration of Function pointer, which will be ussed to call the shellcode | |
| typedef void (*fp) (void); | |
| int getFileSize(FILE* filePointer) | |
| { | |
| fseek(filePointer,0L, SEEK_END); | |
| int size = ftell(filePointer); | |
| fseek(filePointer,0L, SEEK_SET); | |
| return size; | |
| } | |
| int main(int argc, char const *argv[]) | |
| { | |
| if(argc == 2) | |
| { | |
| FILE* shellcode = fopen(argv[1],"rb"); | |
| if(shellcode) | |
| { | |
| int len = getFileSize(shellcode); | |
| printf("Shellcode length: %d\n", len); | |
| char* buffer = NULL; | |
| //Allocate Memory to store shellcode | |
| #ifdef __linux__ | |
| buffer = (char*) mmap (NULL, len+1, PROT_EXEC | PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED, -1, 0); | |
| #elif _WIN32 || _MINGW_ | |
| buffer = (char*) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE); | |
| #endif | |
| if(buffer!=NULL) | |
| { | |
| fread(buffer, len+1, 1, shellcode); | |
| fclose(shellcode); | |
| fp shell = (fp) buffer; | |
| //Invoke Shellcode | |
| printf("Shellcode has been loaded at %p. Press any key to execute it...",buffer); | |
| getchar(); | |
| shell(); | |
| printf("Executing done! Unloading shellcode and cleaning up memory...\nx"); | |
| #ifdef __linux__ | |
| munmap(buffer, len+1); | |
| #elif _WIN32 || _MINGW_ | |
| VirtualFree(buffer, 0, MEM_RELEASE); | |
| #endif | |
| return 0; | |
| } | |
| else | |
| { | |
| printf("Could not allocate memory for buffer! Process aborted..."); | |
| return -1; | |
| } | |
| } | |
| else | |
| { | |
| perror("Could not load shellcode from file!"); | |
| return -1; | |
| } | |
| } | |
| else | |
| { | |
| printf("ERROR: No shellcode file specified!\nUse: %s <path_to_shellcode>", argv[0]); | |
| return -1; | |
| } | |
| } |
The shellcode must be in binary form???is it such as:
kali@kali:~$ cat ls_shellcode
\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\x68\x2d\x63\x00\x00\x48\x89\xe6\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x6c\x73\x00\x56\x57\x48\x89\xe6\x0f\x05
Yup, it must be binary form, not the hex.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The shellcode must be in binary form???is it such as:
kali@kali:~$ cat ls_shellcode
\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\x68\x2d\x63\x00\x00\x48\x89\xe6\x52\xe8\x08\x00\x00\x00\x2f\x62\x69\x6e\x2f\x6c\x73\x00\x56\x57\x48\x89\xe6\x0f\x05