Hi,

Well I guess the right answer to your question is this shell script which I have been using to dump C string array style shellcodes.

shellac# cat shellsc.sh
# Pull columns 1-4 (the opcode bytes) of the dis listing for main() out of $1.
dis -F main $1 | cut -b10-20 > ./hex.out
# Turn each "bc 10 20 00" line into a C string line "\xbc\x10\x20\x00".
# "\\x" rather than "\x" so every awk prints a literal backslash-x.
awk '{ print "\"\\x"$1"\\x"$2"\\x"$3"\\x"$4"\"" }' ./hex.out > hex.out2
# Skip the first 7 lines of the listing and drop the last one.
LINEC=`wc -l hex.out2 | awk '{print $1}'`
TAILC=`expr $LINEC - 7`
tail -$TAILC hex.out2 > hex.out3
TAILC=`expr $TAILC - 1`
# Emit the array, then a small harness that reports its size and jumps to it.
printf "char shellcode[] = \n"
head -$TAILC hex.out3
printf ";\n"
echo
echo
echo int
echo "main(void)"
echo {
echo "void (*f)();"
echo
echo "f = (void (*)())shellcode;"
echo
echo "printf(\"shellcode %d\", sizeof(shellcode));"
echo
echo "f();"
echo }
# Clean up the temporary files.
rm -f hex.out*
shellac# chmod 755 ./shellsc

and then hit ./shellsc connectback_shellcode .... e.g.:

shellac# ./shellsc.sh connectback
char shellcode[] =
"\x20\xbf\xff\xff"
"\x20\xbf\xff\
....
....
int
main(void)
{
void (*f)();

f = (void (*)())shellcode;

printf("shellcode %d", sizeof(shellcode));

f();
}

-----Original Message-----
From: Ryn [mailto:mattymlat_private]
Sent: Sunday, May 19, 2002 7:29 AM
To: vuln-devat_private
Subject: Generating shellcode

Howdy,

Do any documents exist explaining how to convert assembly op codes and operands to hex? I can use "gdb" or "dis" on Solaris to get:

bc 10 20 00 clr %fp
e0 03 a0 40 ld [%sp + 64], %l0
a2 03 a0 44 add %sp, 68, %l1
9c 23 a0 20 sub %sp, 32, %sp
80 90 00 01 orcc %g0, %g1, %g0

I want to see how to get column 1 - 4 by hand.

Thanks for any info,
Ryan
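Worked answer to the last line of the question, added here and not part of either message: the five SPARC instructions Ryan lists, encoded by hand from the SPARC V8 format-3 field layout (op, rd, op3, rs1, i, simm13 or rs2), so the hex columns can be reproduced and checked against the listing. The register table, opcode table and helper names are my own, and only the mnemonics in the listing are covered.

```python
# Added example (not from the thread): hand-encoding the five SPARC V8
# instructions from the question so the hex columns can be reproduced.
# Format-3 layout, 32 bits, stored big-endian:
#   op(2) | rd(5) | op3(6) | rs1(5) | i=1 | simm13(13)
#   op(2) | rd(5) | op3(6) | rs1(5) | i=0 | asi(8) | rs2(5)
# op=2 is the arithmetic/logical group, op=3 is loads and stores.
REGS = {f"%g{n}": n for n in range(8)}
REGS.update({f"%o{n}": 8 + n for n in range(8)})
REGS.update({f"%l{n}": 16 + n for n in range(8)})
REGS.update({f"%i{n}": 24 + n for n in range(8)})
REGS.update({"%sp": 14, "%fp": 30})  # aliases for %o6 and %i6

# (op, op3) for just the mnemonics that occur in the question.
OPCODES = {"add": (2, 0x00), "sub": (2, 0x04), "or": (2, 0x02),
           "orcc": (2, 0x12), "ld": (3, 0x00)}

def encode(mnemonic, rd, rs1, src2):
    """4-byte big-endian encoding of a format-3 instruction.
    src2 is a register name (i=0) or an integer immediate (i=1)."""
    op, op3 = OPCODES[mnemonic]
    word = (op << 30) | (REGS[rd] << 25) | (op3 << 19) | (REGS[rs1] << 14)
    if isinstance(src2, int):
        if not -4096 <= src2 < 4096:
            raise ValueError("immediate does not fit in simm13")
        word |= (1 << 13) | (src2 & 0x1FFF)  # i=1, simm13 in two's complement
    else:
        word |= REGS[src2]                   # i=0, asi=0, rs2
    return word.to_bytes(4, "big")

def hexcols(b):
    """Columns 1-4 as dis/gdb print them, e.g. 'bc 10 20 00'."""
    return " ".join(f"{x:02x}" for x in b)

def c_string(b):
    """One line of the C string array that shellsc.sh emits."""
    return '"' + "".join(f"\\x{x:02x}" for x in b) + '"'

# The five listing lines, as (mnemonic, rd, rs1, src2).  clr %fp is assembled
# as or %g0, 0, %fp (i=1, immediate 0); [%sp + 64] is rs1=%sp with simm13=64.
QUESTION = [
    ("or",   "%fp", "%g0", 0),      # bc 10 20 00  clr %fp
    ("ld",   "%l0", "%sp", 64),     # e0 03 a0 40  ld [%sp + 64], %l0
    ("add",  "%l1", "%sp", 68),     # a2 03 a0 44  add %sp, 68, %l1
    ("sub",  "%sp", "%sp", 32),     # 9c 23 a0 20  sub %sp, 32, %sp
    ("orcc", "%g0", "%g0", "%g1"),  # 80 90 00 01  orcc %g0, %g1, %g0
]

if __name__ == "__main__":
    for mn, rd, rs1, s2 in QUESTION:
        word = encode(mn, rd, rs1, s2)
        print(hexcols(word), c_string(word))
```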
This archive was generated by hypermail 2b30 : Mon May 20 2002 - 21:39:14 PDT