OWASP / ZSC

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

OSX: running compiled command_to_execute #87

Closed jowasp closed 8 years ago

jowasp commented 8 years ago

Not sure exactly how this command should run, but I'm attempting the following. Please verify with me so I can make sure this is properly documented.

Steps: Create a .c file with command_to_execute 'clear'

zsc/shellcode/generate/osx_x86> system
zsc/shellcode/generate/osx_x86/system> command_to_execute
command_to_execute> clear
[+] command_to_execute set to "clear"
[+] none
[+] enter encode type
zsc> none
Output assembly code?(y or n)> y
....
Shellcode output to .c file?(y or n)> y
Target .c file?> clearme.c
[+] File saved as clearme.c .

Once generated, compile and run:

johannacuriel$ file clear
clear: Mach-O 64-bit executable x86_64
Johannas-iMac:owasp-zsc-master-5 johannacuriel$ gcc -o clearme clearme.c -m32
Johannas-iMac:owasp-zsc-master-5 johannacuriel$ file clearme
clearme: Mach-O executable i386

I get the following issue:

Johannas-iMac:owasp-zsc-master-5 johannacuriel$ ./clearme
TERM environment variable not set.

CodeMaxx commented 8 years ago

@jowasp That is not a problem with the code.

See http://www.cplusplus.com/forum/general/49599/ and http://www.cplusplus.com/forum/articles/10515/#msg49080 for details.

Ali-Razmjoo commented 8 years ago

Is it fine with other command lines? For example, to run bash or sh, or a new terminal? Maybe you need to write the full path of clear, like /bin/bash? Is it /bin/clear, /sbin/clear or /usr/bin/clear? Can you please find the path and test it?

CodeMaxx commented 8 years ago

@Ali-Razmjoo I tried the full path as well (/usr/bin/clear) but still the same error.

CodeMaxx commented 8 years ago

I see a lot of other people have reported the same error various places on the internet. The crux of the answers I found was...

The console in which the commands are run is not a real terminal but an emulator. The clear command requires the TERM environment variable for clearing the page, since it has different techniques of clearing the page for different kinds of terminals. But since the console is not a real terminal, TERM is not defined, so we get this error.

Ali-Razmjoo commented 8 years ago

So it's just for clear?

paraschetal commented 8 years ago

Yes, it's only for clear.

CodeMaxx commented 8 years ago

clear needs a "real" terminal... I am not sure what other commands need the same.

Ali-Razmjoo commented 8 years ago

That's not a problem. Let's pass this and fix the other things.

paraschetal commented 8 years ago

Yeah, I don't think anyone would want to generate shellcode to clear the screen anyway.

jowasp commented 8 years ago

Other commands like 'ls' work fine. The 'clear' command call in OSX seems problematic. @paraschetal yeah, the hackers won't be interested in any clear command ;-)

Johannas-iMac:shellcode johannacuriel$ gcc -o b_shellcode b_shellcode.c -m32
Johannas-iMac:shellcode johannacuriel$ ./b_shellcode
Mikogo.webloc   b_shellcode.c   exit.o      hello.php   test-shell.c
b_shellcode exit.asm    flashZap.png    shellcodetest.c zap_logo.png

jowasp commented 8 years ago

Working with this generated shellcode (ls):

\x68\x90\x90\x6c\x73\x59\xc1\xe9\x10\x51\x89\xe1\x68\x90\x90\x2d\x63\x5a\xc1\xea\x10\x52\x89\xe2\x68\x90\x2f\x73\x68\x5b\xc1\xeb\x08\x53\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc0\x50\x51\x52\x53\x89\xe1\x31\xd2\x52\x51\x53\xb0\x3b\x6a\x2a\xcd\x80\xb0\x01\xb3\x01\xcd\x80

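To see what the posted blob actually asks the kernel to run, here is a small Python emulator added as an analysis aid for this thread (it is not OWASP ZSC code): it interprets only the handful of opcode forms the shellcode uses, rebuilds the stack strings, and decodes the execve arguments from the BSD int 0x80 stack layout. The stack size and register model are assumptions of this emulator; the bytes are the ones posted above.

```python
import struct
# The "ls" shellcode exactly as posted in the comment above.
SHELLCODE = (b"\x68\x90\x90\x6c\x73\x59\xc1\xe9\x10\x51\x89\xe1\x68\x90\x90\x2d\x63"
             b"\x5a\xc1\xea\x10\x52\x89\xe2\x68\x90\x2f\x73\x68\x5b\xc1\xeb\x08\x53"
             b"\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc0\x50\x51\x52\x53\x89\xe1\x31\xd2"
             b"\x52\x51\x53\xb0\x3b\x6a\x2a\xcd\x80\xb0\x01\xb3\x01\xcd\x80")
POP = {0x59: "ecx", 0x5A: "edx", 0x5B: "ebx"}                # pop r32
PUSH = {0x50: "eax", 0x51: "ecx", 0x52: "edx", 0x53: "ebx"}  # push r32
SHR = {0xE9: "ecx", 0xEA: "edx", 0xEB: "ebx"}                # c1 /5 ib: shr r32, imm8
MOV_ESP = {0xE1: "ecx", 0xE2: "edx", 0xE3: "ebx"}            # 89 /r: mov r32, esp
XOR = {0xC0: "eax", 0xD2: "edx"}                             # 31 /r: xor r32, r32
SYS_EXECVE = 0x3B  # execve number for the BSD/OS X int 0x80 interface
cstr = lambda mem, a: mem[a:mem.index(b"\0", a)].decode()   # NUL-terminated string at a

def emulate(code, stack_size=0x1000):
    # Emulate only the opcodes this blob uses; return (regs, stack memory, int 0x80 traps).
    regs = {"eax": 0, "ecx": 0, "edx": 0, "ebx": 0}
    mem, esp, pc, traps = bytearray(stack_size), stack_size, 0, []
    def push(v):
        nonlocal esp
        esp -= 4; mem[esp:esp + 4] = struct.pack("<I", v & 0xFFFFFFFF)
    while pc < len(code):
        op, nxt = code[pc], code[pc + 1] if pc + 1 < len(code) else 0
        if op in (0x68, 0x6A):                        # push imm32 (string bytes) / push imm8
            push(struct.unpack_from("<I", code, pc + 1)[0] if op == 0x68 else nxt); pc += 5 if op == 0x68 else 2
        elif op in POP:
            regs[POP[op]] = struct.unpack_from("<I", mem, esp)[0]; esp += 4; pc += 1
        elif op in PUSH:
            push(regs[PUSH[op]]); pc += 1
        elif op == 0xC1 and nxt in SHR:               # shifts out the 0x90 padding bytes
            regs[SHR[nxt]] >>= code[pc + 2]; pc += 3
        elif op == 0x89 and nxt in MOV_ESP:           # register now points at the stack string
            regs[MOV_ESP[nxt]] = esp; pc += 2
        elif op == 0x31 and nxt in XOR:               # xor reg, reg -> zero (NULL / syscall nr)
            regs[XOR[nxt]] = 0; pc += 2
        elif op in (0xB0, 0xB3):                      # mov al, imm8 / mov bl, imm8
            r = "eax" if op == 0xB0 else "ebx"; regs[r] = (regs[r] & 0xFFFFFF00) | nxt; pc += 2
        elif op == 0xCD and nxt == 0x80:              # int 0x80: record syscall number and esp
            traps.append((regs["eax"], esp)); pc += 2
        else: raise ValueError(f"unhandled opcode {op:#04x} at offset {pc}")
    return regs, mem, traps

def decode_execve(code=SHELLCODE):
    # Recover path, argv and whether envp is NULL from the execve trap (BSD stack ABI).
    _, mem, traps = emulate(code)
    for num, esp in traps:
        if num == SYS_EXECVE:              # stack at the trap: [dummy ret][path][argv][envp]
            path_p, argv_p, envp_p = struct.unpack_from("<III", mem, esp + 4)
            argv = []
            while (p := struct.unpack_from("<I", mem, argv_p + 4 * len(argv))[0]):
                argv.append(cstr(mem, p))
            return {"path": cstr(mem, path_p), "argv": argv, "envp_null": envp_p == 0}
```

The decoded call is execve("/bin/sh", ["/bin/sh", "-c", "ls"], NULL): envp is NULL, so the child starts with an empty environment, which is consistent with the "TERM environment variable not set" error seen above for a terminfo-driven command like clear.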
CodeMaxx commented 8 years ago

I tested for echo (with multiple arguments), bash, ls, sh... These are also working fine.