OWASP / ZSC

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

Output shellcode to python file [Work in Progress] #41

Closed Pratik151 closed 8 years ago

Pratik151 commented 8 years ago

This should not be merged now.

It would be great if others can check and see if this works. @paraschetal can you check this and see if you still get segmentation fault?

I will still make changes to this after #40 is completed, as the two will have merge conflicts and paras is working on changes like use input, etc. After that is merged, I will make this work with his model.

paraschetal commented 8 years ago

Still gives segmentation fault. I also tried http://stackoverflow.com/questions/19326409/python-ctype-segmentation-fault?lq=1 and it gives AssertionError. Does it work fine on your computer?

Pratik151 commented 8 years ago

@paraschetal yes it is working fine here. Can you say which shellcode you used? I will try that one.

paraschetal commented 8 years ago

Here's the shellcode I generated from zsc to run the system command: echo yolo. It works fine using the C code, but gives segmentation fault if I use python code. shellcode: \x6a\x0b\x58\x99\x52\x68\x90\x90\x90\x6f\x59\xc1\xe9\x10\xc1\xe9\x08\x51\x68\x20\x79\x6f\x6c\x68\x65\x63\x68\x6f\x89\xe6\x52\x68\x90\x90\x2d\x63\x59\xc1\xe9\x10\x51\x89\xe1\x52\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f\x62\x69\x6e\x89\xe3\x52\x57\x56\x51\x53\x89\xe1\xcd\x80

Pratik151 commented 8 years ago

@paraschetal I checked that shellcode and it is executing fine on my machine. I will try to look into that. @Ali-Razmjoo can you check once with some shellcode whether it is working for you?

paraschetal commented 8 years ago

@Pratik151 can you please give the exact python code you are executing, along with any options you might be using for compiling the code.

Ali-Razmjoo commented 8 years ago

Hi, I get an error:

python f.py
Traceback (most recent call last):
  File "f.py", line 9, in <module>
    raise Exception('Failed to set protection')
Exception: Failed to set protection

Pratik151 commented 8 years ago

@Ali-Razmjoo Thanks, I will look into that soon.

@paraschetal It is also not working for Ali-Razmjoo. As I said, I was also able to execute shellcode without setting protection. Here is the code, btw:

import ctypes

shellcode_data = b"your shellcode here"
shellcode = ctypes.c_char_p(shellcode_data)
libc = ctypes.CDLL('libc.so.6')
size = len(shellcode_data)
# valloc() returns page-aligned memory, which mprotect() requires
addr = ctypes.c_void_p(libc.valloc(size))
ctypes.memmove(addr, shellcode, size)
# 0x7 = PROT_READ | PROT_WRITE | PROT_EXEC
if libc.mprotect(addr, size, 0x7) != 0:
    raise Exception('Failed to set protection')
# Treat the buffer as a C function taking no arguments and call it
function = ctypes.cast(addr, ctypes.CFUNCTYPE(None))
function()

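
For reviewers and defenders, the snippet above has a recognisable shape: memory is marked executable with mprotect and then cast to a function pointer through ctypes. The static check below is an added example, not code from this PR or from ZSC; the function names and indicator labels are hypothetical, and the sample is the thread's snippet with a placeholder payload, parsed as text and never run.

```python
import ast

PROT_EXEC = 0x4  # Linux <sys/mman.h>; the 0x7 in the thread is READ|WRITE|EXEC
# Constructed sample: the thread's snippet with a placeholder payload, parsed only.
SAMPLE = '''
import ctypes
shellcode_data = b"placeholder"
shellcode = ctypes.c_char_p(shellcode_data)
libc = ctypes.CDLL('libc.so.6')
size = len(shellcode_data)
addr = ctypes.c_void_p(libc.valloc(size))
ctypes.memmove(addr, shellcode, size)
if libc.mprotect(addr, size, 0x7) != 0:
    raise Exception('Failed to set protection')
function = ctypes.cast(addr, ctypes.CFUNCTYPE(None))
function()
'''

def _callee(call):
    """Last attribute or bare name of a call target, e.g. 'mprotect'."""
    func = call.func
    return getattr(func, "attr", getattr(func, "id", None))

def find_indicators(source):
    """Return the sorted indicator names found in Python source text."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name, args = _callee(node), node.args
        if name == "mprotect" and len(args) >= 3:
            prot = args[2]
            if isinstance(prot, ast.Constant) and isinstance(prot.value, int):
                if prot.value & PROT_EXEC:
                    hits.add("mprotect_exec")
            else:
                hits.add("mprotect_dynamic_prot")  # flags are not a literal
        elif name == "cast" and len(args) >= 2:
            target = args[1]
            if isinstance(target, ast.Call) and _callee(target) in ("CFUNCTYPE", "WINFUNCTYPE"):
                hits.add("cast_to_function_pointer")
        elif name == "memmove":
            hits.add("raw_memory_copy")
    return sorted(hits)

def is_likely_loader(source):
    """Flag source that both marks memory executable and calls into it."""
    hits = find_indicators(source)
    return "mprotect_exec" in hits and "cast_to_function_pointer" in hits
```

The check matches on call names and literal flags only, so aliased imports or computed protection values need the "mprotect_dynamic_prot" hit to be reviewed by hand.
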
Pratik151 commented 8 years ago

@Ali-Razmjoo can you try to get errno from here? "On success, mprotect() returns zero. On error, -1 is returned, and errno is set appropriately."

Ali-Razmjoo commented 8 years ago

Please make your PR if you make your fix, thanks.

Pratik151 commented 8 years ago

OK sure