Open moaeddy opened 6 years ago
Hi,
can you please share the file or the command you used for generating the shellcode?
Regards.
attached is the generated file
Been waiting for your response, can't this be reproduced into .exe?
Hi, sorry for my late answer, you encoded the file wrong! It has eval(some value) at the end, which is not related to the .c file or shellcodes.
Here is a sample command:
______ __ _____ _____ ______ _____ _____
/ __ \ \ / /\ / ____| __ \ |___ // ____|/ ____|
| | | \ \ /\ / / \ | (___ | |__) | / /| (___ | |
| | | |\ \/ \/ / /\ \ \___ \| ___/ / / \___ \| |
| |__| | \ /\ / ____ \ ____) | | / /__ ____) | |____
\____/ \/ \/_/ \_\_____/|_| /_____|_____/ \_____|
OWASP ZeroDay Cyber Research Shellcoder
zsc> shellcode
zsc/shellcode> generate
zsc/shellcode/generate>
linux_x86 osx_x86 windows_x86 windows_x86_64
zsc/shellcode/generate> w
windows_x86 windows_x86_64
zsc/shellcode/generate> windows_x86
zsc/shellcode/generate/windows_x86> exec
zsc/shellcode/generate/windows_x86/exec> file_to_execute
file_to_execute> test/calc.exe
[+] file_to_execute set to "test/calc.exe"
[+] none
[+] xor_random
[+] add_random
[+] sub_random
[+] xor_yourvalue
[+] inc
[+] dec
[+] inc_timesyouwant
[+] dec_timesyouwant
[+] add_yourvalue
[+] sub_yourvalue
[+] enter encode type
zsc/shellcode/generate/windows_x86/exec/encode_type> xo
xor_random xor_yourvalue
zsc/shellcode/generate/windows_x86/exec/encode_type> xor_random
Output assembly code?(y or n)> y
xor %ecx,%ecx mov %fs:0x30(%ecx),%eax mov 0xc(%eax),%eax mov 0x14(%eax),%esi lods %ds:(%esi),%eax xchg %eax,%esi lods %ds:(%esi),%eax mov 0x10(%eax),%ebx mov 0x3c(%ebx),%edx add %ebx,%edx mov 0x78(%edx),%edx add %ebx,%edx mov 0x20(%edx),%esi add %ebx,%esi xor %ecx,%ecx inc %ecx lods %ds:(%esi),%eax add %ebx,%eax cmpl $0x50746547,(%eax) jne 23 <.text+0x23> cmpl $0x41636f72,0x4(%eax) jne 23 <.text+0x23> cmpl $0x65726464,0x8(%eax) jne 23 <.text+0x23> mov 0x24(%edx),%esi add %ebx,%esi mov (%esi,%ecx,2),%cx dec %ecx mov 0x1c(%edx),%esi add %ebx,%esi mov (%esi,%ecx,4),%edx add %ebx,%edx push %ebx push %edx xor %ecx,%ecx push %ecx mov $0x61636578,%ecx push %ecx subl $0x61,0x3(%esp)
push %ebx push $0x684b6641 pop %ebx push $0x2d250f16 pop %ecx xor %ebx,%ecx pop %ebx push %ecx
push %esp push %ebx call *%edx add $0x8,%esp pop %ecx push %eax xor %ecx,%ecx push %ecx
push %ebx push $0x346c7a53 pop %ebx push $0x51fceac3 pop %ecx xor %ebx,%ecx pop %ebx push %ecx
pop %ecx shr $0x10,%ecx shr $0x8,%ecx push %ecx
push %ebx push $0x64454f35 pop %ebx push $0x1c206156 pop %ecx xor %ebx,%ecx pop %ebx push %ecx
push %ebx push $0x71366243 pop %ebx push $0x1d57016c pop %ecx xor %ebx,%ecx pop %ebx push %ecx
push %ebx push $0x634c6159 pop %ebx push $0x173f042d pop %ecx xor %ebx,%ecx pop %ebx push %ecx
xor %ebx,%ebx mov %esp,%ebx xor %ecx,%ecx inc %ecx push %ecx push %ebx call *%eax add $0x18,%esp pop %edx pop %ebx xor %ecx,%ecx mov $0x61737365,%ecx push %ecx subl $0x61,0x3(%esp)
push %ebx push $0x4e525274 pop %ebx push $0x2d3d2024 pop %ecx xor %ebx,%ecx pop %ebx push %ecx
push %ebx push $0x42687743 pop %ebx push $0x36010f06 pop %ecx xor %ebx,%ecx pop %ebx push %ecx
push %esp push %ebx call %edx xor %ecx,%ecx push %ecx call %eax
Output shellcode to screen?(y or n)> y
[+] Generated shellcode is:
Shellcode output to a .c file?(y or n)> y
Target .c file?> shellcode.c
[+] File saved as shellcode.c .
zsc> wrong input!
[!] interrupted by user!
Exit
C:\Users\Zombie\Documents\GitHub\OWASP-ZSC>type shellcode.c
/*
This shellcode generated by OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
http://zsc.z3r0d4y.com/
owasp-zsc[at]googlegroups[dot]com

Title: exec('test/calc.exe')
OS: windows_x86
Encode: xor_random
Length: 278
Assembly code:
xor %ecx,%ecx mov %fs:0x30(%ecx),%eax mov 0xc(%eax),%eax mov 0x14(%eax),%esi lods %ds:(%esi),%eax xchg %eax,%esi lods %ds:(%esi),%eax mov 0x10(%eax),%ebx mov 0x3c(%ebx),%edx add %ebx,%edx mov 0x78(%edx),%edx add %ebx,%edx mov 0x20(%edx),%esi add %ebx,%esi xor %ecx,%ecx inc %ecx lods %ds:(%esi),%eax add %ebx,%eax cmpl $0x50746547,(%eax) jne 23 <.text+0x23> cmpl $0x41636f72,0x4(%eax) jne 23 <.text+0x23> cmpl $0x65726464,0x8(%eax) jne 23 <.text+0x23> mov 0x24(%edx),%esi add %ebx,%esi mov (%esi,%ecx,2),%cx dec %ecx mov 0x1c(%edx),%esi add %ebx,%esi mov (%esi,%ecx,4),%edx add %ebx,%edx push %ebx push %edx xor %ecx,%ecx push %ecx mov $0x61636578,%ecx push %ecx subl $0x61,0x3(%esp) push $0x456e6957 push %esp push %ebx call *%edx add $0x8,%esp pop %ecx push %eax xor %ecx,%ecx push %ecx push $0x65909090 pop %ecx shr $0x10,%ecx shr $0x8,%ecx push %ecx
push $0x78652e63 push $0x6c61632f push $0x74736574
xor %ebx,%ebx mov %esp,%ebx xor %ecx,%ecx inc %ecx push %ecx push %ebx call %eax add $0x18,%esp pop %edx pop %ebx xor %ecx,%ecx mov $0x61737365,%ecx push %ecx subl $0x61,0x3(%esp) push $0x636f7250 push $0x74697845 push %esp push %ebx call %edx xor %ecx,%ecx push %ecx call *%eax
compile example(osx_x86): gcc -m32 -o shellcode_compiled shellcode.c
compile example(linux_x86): gcc -m32 -z execstack -o shellcode_compiled shellcode.c
compile example(windows_x86): gcc -o shellcode_compiled.exe shellcode.c
followed by(to run): ./shellcode_compiled or shellcode_compiled.exe
*/
char shellcode = "\x31\xc9\x64\x8b\x41\x30\x8b\x40\x0c\x8b\x70\x14\xad\x96\xad\x8b\x58\x10\x8b\x53\x3c\x01\xda\x8b\x52\x78\x01\xda\x8b\x72\x20\x01\xde\x31\xc9\x41\xad\x01\xd8\x81\x38\x47\x65\x74\x50\x75\xf4\x81\x78\x04\x72\x6f\x63\x41\x75\xeb\x81\x78\x08\x64\x64\x72\x65\x75\xe2\x8b\x72\x24\x01\xde\x66\x8b\x0c\x4e\x49\x8b\x72\x1c\x01\xde\x8b\x14\x8e\x01\xda\x53\x52\x31\xc9\x51\xb9\x78\x65\x63\x61\x51\x83\x6c\x24\x03\x61\x53\x68\x49\x31\x7a\x57\x5b\x68\x1e\x58\x14\x12\x59\x31\xd9\x5b\x51\x54\x53\xff\xd2\x83\xc4\x08\x59\x50\x31\xc9\x51\x53\x68\x46\x49\x77\x49\x5b\x68\xd6\xd9\xe7\x2c\x59\x31\xd9\x5b\x51\x59\xc1\xe9\x10\xc1\xe9\x08\x51\x53\x68\x57\x6b\x43\x6f\x5b\x68\x34\x45\x26\x17\x59\x31\xd9\x5b\x51\x53\x68\x35\x6c\x37\x51\x5b\x68\x1a\x0f\x56\x3d\x59\x31\xd9\x5b\x51\x53\x68\x79\x4c\x6b\x53\x5b\x68\x0d\x29\x18\x27\x59\x31\xd9\x5b\x51\x31\xdb\x89\xe3\x31\xc9\x41\x51\x53\xff\xd0\x83\xc4\x18\x5a\x5b\x31\xc9\xb9\x65\x73\x73\x61\x51\x83\x6c\x24\x03\x61\x53\x68\x76\x73\x56\x43\x5b\x68\x26\x01\x39\x20\x59\x31\xd9\x5b\x51\x53\x68\x48\x41\x37\x50\x5b\x68\x0d\x39\x5e\x24\x59\x31\xd9\x5b\x51\x54\x53\xff\xd2\x31\xc9\x51\xff\xd0"; int main(void) { ((void(*)()) shellcode)(); return 0; }
C:\Users\Zombie\Documents\GitHub\OWASP-ZSC>
Did you use JSFuck encoding or something by accident? It's not gonna work for the "c" language. (Check the file you attached at line 113.)
I am trying to compile this to an executable but am getting the errors below:
||=== Build: Release in QA (compiler: GNU GCC Compiler) ===|
C:\~\Documents\QA\main.c|1|error: expected identifier or '(' before '=' token|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|191|error: unknown type name 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|207|error: unknown type name 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|211|error: unknown type name 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|319|error: unknown type name 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|320|error: unknown type name 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|331|error: unknown type name 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|332|error: unknown type name 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|412|error: expected ',' or ';' before 'fread'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|413|error: expected ',' or ';' before 'fwrite'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|565|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|568|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|605|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|606|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\stdio.h|609|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|36|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|37|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|38|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|39|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|40|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|46|error: expected ',' or ';' before 'strcspn'|
c:\program files (x86)\codeblocks\mingw\include\string.h|49|error: expected ',' or ';' before 'strlen'|
c:\program files (x86)\codeblocks\mingw\include\string.h|50|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|51|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|52|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|55|error: expected ',' or ';' before 'strspn'|
c:\program files (x86)\codeblocks\mingw\include\string.h|58|error: expected ',' or ';' before 'strxfrm'|
c:\program files (x86)\codeblocks\mingw\include\string.h|65|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|66|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|72|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|73|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|77|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|80|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|81|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|90|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|91|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|103|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|104|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|107|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|110|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|115|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|131|error: expected ',' or ';' before 'wcscspn'|
c:\program files (x86)\codeblocks\mingw\include\string.h|133|error: expected ',' or ';' before 'wcslen'|
c:\program files (x86)\codeblocks\mingw\include\string.h|134|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|135|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|136|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|139|error: expected ',' or ';' before 'wcsspn'|
c:\program files (x86)\codeblocks\mingw\include\string.h|142|error: expected ',' or ';' before 'wcsxfrm'|
c:\program files (x86)\codeblocks\mingw\include\string.h|156|error: expected declaration specifiers or '...' before 'size_t'|
c:\program files (x86)\codeblocks\mingw\include\string.h|157|error: expected declaration specifiers or '...' before 'size_t'|
||More errors follow but not being shown.|
||Edit the max errors limit in compiler options...|
||=== Build failed: 50 error(s), 0 warning(s) (0 minute(s), 0 second(s)) ===|