what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

priv8wst.c

priv8wst.c
Posted Jul 26, 2004
Authored by konewka | Site priv8security.com

Simple utility that will generate Linux x86 shellcode from provided text.

tags | x86, shellcode
systems | linux
SHA-256 | 8f5e0de853ec45a6ed5484d10e28fb3854b1f9fe91fb9937f26a01d6e7b7e7b8

priv8wst.c

Change Mirror Download
/*
** write() shellcode tool (linux x86)
**
** This utility will generate linux x86 shellcode
** that will display your custom text.
**
** NOTE: If hex code fails try convert generated asm code
** into hex.
**
** copyright (c) 2004 konewka <konewka@ffs.ath.cx>
** www.priv8security.com
*/
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>

#define RED "\033[01;31m"
#define NORM "\033[00;00m"
#define WRITE_CALL 04
#define EXIT_CALL 01

void usage(char *progname);
void asm_code(char *str, int size);
void hex_code(char *str, int size);
void clear_int(int inc[], int size);

int new_line = 1,
do_asm = 0;

void usage(char *progname) {
printf("["RED"+"NORM"] write() shellcode tool -linux x86- (www.priv8security.com)\n");
printf("\nusage: %s [options] <-s string>\n", progname);
printf("\t-s \tstring to use in shellcode\n");
printf("\t-a \tcreate assembler code\n");
printf("\t-n \tdo not add new line at the end\n\n");
exit(0);
}

void clear_int(int inc[], int size) {
int i;

for (i=0;i<=size;i++)
inc[i] = 0;
}

void hex_code(char *str, int size) {
int i, j, hex[3];

printf("char *shellcode = ");
printf("\"\\x31\\xdb\\x31\\xc9\\x31\\xd2\\xb2\\x%02x\"\n", size);
printf("\t\"\\x51");
for (i=size,j=-1;i>=0;) {
hex[j++] = str[i--];
if (j >= 4) {
printf("\\x68\\x%02x\\x%02x\\x%02x\\x%02x", hex[3], hex[2], hex[1], hex[0]);
clear_int(hex, 3);
j = 0;
}
}
if (j)
printf("\\x68\\x%02x\\x%02x\\x%02x\\x%02x", hex[3], hex[2], hex[1], hex[0]);

printf("\"\n\t\"\\x89\\xe1\\x31\\xc0\\xb0\\x%02x\\xcd\\x80\\x31\\xdb\\xb0\\x%02x\"\n", WRITE_CALL, EXIT_CALL);
printf("\t\"\\xcd\\x80\";\n");
printf("\nint main(void) {\n");
printf("\tint *ret;\n\n");
printf("\tret = (int *)&ret + 2;\n");
printf("\t*ret = (int)shellcode;\n}\n");
}

void asm_code(char *str, int size) {
int i, j, hex[3];

printf("int main(void) {\n");
printf("asm(\"\n");
printf("\txor %%ebx,%%ebx\n\txor %%ecx,%%ecx\n\txor %%edx,%%edx\n");
printf("\tmov $0x%x,%%%s\n", size, (size > 255) ? "dx" : "dl");
printf("\tpush %%ecx\n");

for (i=size,j=-1;i>=0;) {
hex[j++] = str[i--];
if (j >= 4) {
printf("\tpush $0x%02x%02x%02x%02x\n", hex[0], hex[1], hex[2], hex[3]);
clear_int(hex, 3);
j = 0;
}
}
if (j)
printf("\tpush $0x%02x%02x%02x%02x\n", hex[0], hex[1], hex[2], hex[3]);

printf("\tmov %%esp,%%ecx\n");
printf("\txor %%eax,%%eax\n");
printf("\tmov $0x%02x,%%al\n", WRITE_CALL);
printf("\tint $0x80\n");
printf("\txor %%ebx,%%ebx\n");
printf("\tmov $0x%02x,%%al\n", EXIT_CALL);
printf("\tint $0x80\");\n");
printf("}\n");
}

int main(int argc, char *argv[]) {
char *string = NULL;
int opt;

while ((opt = getopt(argc, argv, "anhs:")) != EOF) {
switch (opt) {
case 'n':
new_line = 0;
break;
case 'h':
usage(argv[0]);
break;
case 'a':
do_asm = 1;
break;
case 's':
if (strlen(optarg) >= 4096) {
printf("["RED"!"NORM"] entered string is too long\n");
return -1;
}
if (!(string = (char *)calloc(strlen(optarg), sizeof(char)))) {
printf("["RED"!"NORM"] cannot allocate memory for buffer\n");
return -1;
}
strncpy(string, optarg, strlen(optarg));
break;
default:
break;
}
}

if (!string)
usage(argv[0]);

if (strlen(string)%4)
printf("["RED"!"NORM"] WARNING: string should contain 4,8,16.. characters to avoid NULLs\n");

if (new_line)
strncat(string, "\n", strlen(string));

if (do_asm)
asm_code(string, strlen(string));
else
hex_code(string, strlen(string));

return 0;
}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close