-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathshellcode.c
49 lines (40 loc) · 1.35 KB
/
shellcode.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define MAP_ANONYMOUS 0x20
__attribute__((constructor)) void flush_buf() {
setbuf(stdin, NULL);
setbuf(stdout, NULL);
setbuf(stderr, NULL);
}
int main() {
// create memory for shellcode to reside in
mmap((char *)0x777777000, 71, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, -1, 0);
// set first 51 bytes to 0s
memset((char *)0x777777000, 0x00, 51);
// get first 10 bytes of shellcode
char shellcode_one[10];
puts("Enter first 10 bytes of shellcode: ");
read(0, shellcode_one, 10);
memcpy((char *)0x777777000, shellcode_one, 10);
// get second 10 bytes of shellcode
char shellcode_two[10];
puts("Enter second 10 bytes of shellcode: ");
read(0, shellcode_two, 10);
memcpy((char *)0x777777020, shellcode_two, 10);
// get third 10 bytes of shellcode
char shellcode_three[10];
puts("Enter third 10 bytes of shellcode: ");
read(0, shellcode_three, 10);
memcpy((char *)0x777777040, shellcode_three, 10);
// get last 10 bytes of shellcode
char shellcode_four[10];
puts("Enter last 10 bytes of shellcode: ");
read(0, shellcode_four, 10);
memcpy((char *)0x777777060, shellcode_four, 10);
// call shellcode
((void (*)())0x777777000)();
return 0;
}