OWASP / ZSC

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

OSX: CMD line skips question to generate .c file #84

Closed jowasp closed 8 years ago

jowasp commented 8 years ago

The following issue occurs in the interface. It skips the question of generating a '.c' file after the user has selected no on 'Output shellcode too (y or n)?'. The user answers 'n' and the following question should follow, to generate a .c file:

zsc/shellcode/generate> 
linux_x86    osx_x86      windows_x86  
zsc/shellcode/generate> osx_x86
zsc/shellcode/generate/osx_x86> 
exec    system  
zsc/shellcode/generate/osx_x86> system
zsc/shellcode/generate/osx_x86/system> command_to_execute
command_to_execute> clear

[+] command_to_execute set to "clear"

[+] none

[+] enter encode type
zsc> none

Output assembly code?(y or n)> n
[+] Generated shellcode is:

\x68\x90\x90\x90\x72\x59\xc1\xe9\x10\xc1\xe9\x08\x51\x68\x63\x6c\x65\x61\x89\xe1\x68\x90\x90\x2d\x63\x5a\xc1\xea\x10\x52\x89\xe2\x68\x90\x2f\x73\x68\x5b\xc1\xeb\x08\x53\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc0\x50\x51\x52\x53\x89\xe1\x31\xd2\x52\x51\x53\xb0\x3b\x6a\x2a\xcd\x80\xb0\x01\xb3\x01\xcd\x80

Shellcode output to .c file?(y or n)> n
zsc> generate
[+] Command not found!
zsc> shellcode
zsc/shellcode> generate
zsc/shellcode/generate> 
linux_x86    osx_x86      windows_x86  
zsc/shellcode/generate> osx_x86
zsc/shellcode/generate/osx_x86> 
exec    system  
zsc/shellcode/generate/osx_x86> system
zsc/shellcode/generate/osx_x86/system> command_to_execute
command_to_execute> clear

[+] command_to_execute set to "clear"

[+] none

[+] enter encode type
zsc> none

Output assembly code?(y or n)> y

push $0x72909090
pop %ecx
shr    $0x10,%ecx
shr    $0x8,%ecx
push %ecx

push $0x61656c63

mov    %esp,%ecx
push   $0x632d9090
pop    %edx
shr    $0x10,%edx
push   %edx
mov    %esp,%edx
push   $0x68732f90
pop    %ebx
shr    $0x8,%ebx
push   %ebx
push   $0x6e69622f
mov    %esp,%ebx
xor    %eax,%eax
push   %eax
push   %ecx
push   %edx
push   %ebx
mov    %esp,%ecx
xor    %edx,%edx
push   %edx
push   %ecx
push   %ebx
mov    $0x3b,%al
push   $0x2a
int    $0x80
mov    $0x1,%al
mov    $0x1,%bl
int    $0x80

Output shellcode too?(y or n)> n
zsc>

Ali-Razmjoo commented 8 years ago

Thanks Johanna, I will fix it soon.

Ali-Razmjoo commented 8 years ago

Fixed, thank you.

CodeMaxx commented 8 years ago

@Ali-Razmjoo Thanks for fixing this.