shellcode

collection of shellcodes

commit 6a905ce8d9bda1ca61b7e197153aa8a31df10fce
parent 666506f9493cbf7d04b87917062b93141aa8207d
Author: afify <hassan@afify.dev>
Date:   Sat, 19 Mar 2022 21:29:03 +0300

[feat] add loader

Diffstat:
MMakefile | 16++++++++++++----
Aabc.s | 30++++++++++++++++++++++++++++++
Mhi.s | 15++++++++++-----
Aloader.c | 21+++++++++++++++++++++
Rtiny.s -> tiny.asm | 0
Rtiny64.s -> tiny64.asm | 0
6 files changed, 73 insertions(+), 9 deletions(-)

diff --git a/Makefile b/Makefile @@ -1,16 +1,18 @@ # See LICENSE file for copyright and license details. -SRC = execve.s hi.s +SRC = execve.s hi.s abc.s BIN = ${SRC:%.s=%} OBJ = ${SRC:%.s=%.o} HEX = ${SRC:%.s=%.hex} ASM = nasm LNK = ld +CC = cc +CFLAGS = -Wall -fno-stack-protector -z execstack AFLAGS = -f elf64 -w+all -D$$(uname) LFLAGS = -m elf_x86_64 -s -all: options ${BIN} ${HEX} tiny +all: options ${BIN} ${HEX} tiny loader options: @echo ${BIN} build options: @@ -31,7 +33,13 @@ ${HEX}: %.hex: % sed 's/^/\\x/g'|\ sed "s/ *$$//g" |\ sed 's/ /\\x/g'|\ - tr -d '\n' > $@ + tr -d '\n'|\ + fold -w 32 |\ + sed 's/^/"/'|\ + sed 's/$$/"/'> $@ + +loader: + ${CC} ${CFLAGS} $@.c -o $@ tiny: rm -rf tiny @@ -43,6 +51,6 @@ tiny: ./tiny64 ; echo $$? clean: - rm -rf *.o *.hex ${BIN} + rm -rf *.o *.hex ${BIN} loader .PHONY: all options clean diff --git a/abc.s b/abc.s @@ -0,0 +1,30 @@ +; See LICENSE file for copyright and license details. +BITS 64 +%include "syscalls.s" + +section .text + global _start + +_start: + mov rbx, 0x007A79 + push rbx + mov rbx, 0x7877767574737271 + push rbx + mov rbx, 0x706F6E6D6C6B6A69 + push rbx + mov rbx, 0x6867666564636261 + push rbx + + xor rax, rax + mov al, SYS_write + xor rdi, rdi + mov dil, 1 ;unsigned int fd + mov rsi, rsp ;const char *buf + xor rdx, rdx + mov dl, 26 ;size_t count + syscall + + xor rax, rax + mov al, SYS_exit + xor rdi, rdi + syscall diff --git a/hi.s b/hi.s @@ -8,12 +8,17 @@ section .text _start: push 0x34333231 mov dword [rsp+4], 0x38373635 - mov rax, SYS_write - mov rdi, 1 ;unsigned int fd + + xor rax, rax + mov al, SYS_write + xor rdi, rdi + mov dil, 1 ;unsigned int fd mov rsi, rsp ;const char *buf - mov rdx, 8 ;size_t count + xor rdx, rdx + mov dl, 8 ;size_t count syscall - mov rax, SYS_exit - mov rdi, 0 + xor rax, rax + mov al, SYS_exit + xor rdi, rdi syscall diff --git a/loader.c b/loader.c 
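Review bot: The new `loader` target has no prerequisites, so once a `loader` binary exists make treats it as up to date and never rebuilds it after `loader.c` changes; `loader: loader.c` with the recipe `${CC} ${CFLAGS} $< -o $@` fixes that. `-z execstack` is a linker option riding in CFLAGS, which only works because the target compiles and links in a single `cc` invocation; a separate `LDFLAGS` next to `LFLAGS` would keep that explicit. The `fold -w 32` added to the `${HEX}` recipe (whose first lines are outside the hunk) is only safe because every `\xNN` escape is exactly four characters wide, so a comment such as `# 32 cols = eight \xNN escapes per line; fold never splits an escape` would document why that width was chosen.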
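Review bot: The four pushes and the `26` in `mov dl, 26` are consistent only by inspection: the pushes place 32 bytes on the stack (the first one, `0x007A79`, is two data bytes plus six zero bytes of padding, and it ends up last because the stack grows down), while the write reads just the first 26 bytes at `rsp`. A comment on the first push, `; pushed first, ends up last: "yz" + 6 padding bytes (only 26 of the 32 pushed bytes are written)`, would tie the count to the layout so the two cannot drift apart silently. The three 64-bit immediates are the little-endian encodings of "abcdefgh", "ijklmnop" and "qrstuvwx"; naming that in a comment saves the next reader decoding them by hand.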
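Review bot: `mov al, SYS_write` and `mov al, SYS_exit` (and the same pattern in the new abc.s) silently assume the value from `syscalls.s` fits in eight bits; the replaced `mov rax, SYS_write` had no such limit. Because AFLAGS selects the `syscalls.s` values per `uname`, a comment where the pattern is first used, `; syscall number must fit in al (< 256) on every supported target`, would record the assumption. nasm with `-w+all` presumably warns when an immediate exceeds the operand width, but that is worth confirming rather than relied on.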
@@ -0,0 +1,21 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int
+main(int argc, char **argv)
+{
+ const char code[] =
+//START
+"\x68\x31\x32\x33\x34\xc7\x44\x24"
+"\x04\x35\x36\x37\x38\xb8\x01\x00"
+"\x00\x00\xbf\x01\x00\x00\x00\x48"
+"\x89\xe6\xba\x08\x00\x00\x00\x0f"
+"\x05\xb8\x3c\x00\x00\x00\xbf\x00"
+"\x00\x00\x00\x0f\x05";
+//END
+
+ (*(void (*)())code)();
+ return 0;
+}
diff --git a/tiny.s b/tiny.asm
diff --git a/tiny64.s b/tiny64.asm
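Review bot: The byte string between `//START` and `//END` is a hand-pasted copy of the pre-change hi.s — `\xb8\x01\x00\x00\x00`, `\xbf\x01\x00\x00\x00`, `\xba\x08\x00\x00\x00` and `\xb8\x3c\x00\x00\x00` are the 32-bit `mov` forms this commit replaces in hi.s, with Linux-specific numbers — so it already disagrees with hi.s in the same commit and will drift as the sources change. The Makefile's `${HEX}` rule now emits exactly the quoted eight-byte lines this file expects, so `#include "hi.hex"` in place of the literal, with `loader` made to depend on `hi.hex`, would keep the two in sync. Converting an object pointer to a function pointer, as `(*(void (*)())code)()` does, is conditionally-supported rather than standard C; `<stdint.h>` is already included, so a `uintptr_t` round-trip into a `void (*fn)(void)` is the usual explicit form. `<stdlib.h>` and `<string.h>` are included but unused, as are `argc` and `argv`.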