Feeds:
Posts
Comments

Archive for the ‘Programming-c’ Category

What is shellcode?
Shellcode is a set of instruction written in machine code which is generally used as payload in the exploitation of software vunerability. Since it starts with command shell that’s why it is named as Shellcode.

It’s the sampel of shellcode:
“\x48\x65\x6c\x6c\x6f\x20\x57\x6f\x72\x6c\x64\x21\x0a”

It stands for ‘Hello World!’.

For writing shellcode, you must familiar with Assembly Language programming and target hardware architecture. You can’t write shellcode for 32bit architecture and run in it 64bit architecture because the instruction codes that are loaded into the memory layout is also different.
If you write a program with c language, run it in 32bit architecture, the instruction codes will be loaded above stack but in 64bit it will be loaded above the heap.
It depend also on Operating System used. That’s why shellcode is designed for specific target system that take advantages its vulnerability.

Efficiency is needed when you wrote shellcode because it related with the size of buffer.

In this tutorial, I run the shellcode under Linux Ubuntu 18.04.4 LTS 32 bit in docker container. My hardware architecture is AMD ryzen 64bit. For programming I use gcc (Ubuntu 7.5.0-3ubuntu1~18.04) 7.5.0 for compiling c code, NASM version 2.13.02 for compiling assembly code and GNU objdump (GNU Binutils for Ubuntu) 2.30 for display machine code.

Writing shellcode also a bit tricky.

I give you an example.
Below is the assembly code to display “hello word!”.
Assembly code 1 (hello1)

1 section .text
2 global _start
3
4 _start:
5
6  ;Display Message
7  mov eax,4 ;syswrite=4
8  mov ebx,1 ;stdout=1
9  mov ecx,msg
10 mov edx,lenmsg
11 int 0x80 ;System Call
12
13 ;Exit
14 mov eax,1
15 mov ebx,0
16 int 0x80
17
18 section .data
19 msg db 'Hello World!',0xa
20 lenmsg equ $ - msg
I compile and run this code.
root@fc9fca692021:/home/darklinux# nasm -f elf32 hello1.asm -o hello1.o
root@fc9fca692021:/home/darklinux# ld hello1.o -o hello1
root@fc9fca692021:/home/darklinux# ./hello1
Hello World!
root@fc9fca692021:/home/darklinux#

It runs perfect.

(more…)

Read Full Post »

When you frequently work with the same file and do repeating the same process after you load your program, gdb provide easier solution for you.

I will give you an example.
Type the code below and save it to ‘keypress.c’.

1 #include
2 main()
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }

Compile the program with debugging function.

$ gcc keypress.c -g -o keypress
$

I will show you if you do normal debugging. There few commands that I run here. One by one.

$ gdb keypress -silent
Reading symbols from /home/darklinux/keypress...done.
(gdb) set disassembly-flavor intel
(gdb) break main
Breakpoint 1 at 0x804841d: file keypress.c, line 4.
(gdb) run
Starting program: /home/darklinux/keypress

Breakpoint 1, main () at keypress.c:4
4 printf("Press any key to continue.\n");
(gdb) list 1,6
1 #include
2 main()
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }
(gdb) disassemble /m main
Dump of assembler code for function main:
3 {
0x08048414 <+0>: push ebp
0x08048415 <+1>: mov ebp,esp
0x08048417 <+3>: and esp,0xfffffff0
0x0804841a <+6>: sub esp,0x10

4 printf("Press any key to continue.\n");
=> 0x0804841d <+9>: mov DWORD PTR [esp],0x8048500
0x08048424 <+16>: call 0x8048330 <puts@plt>

5 getchar();
0x08048429 <+21>: call 0x8048320 <getchar@plt>

6 }
0x0804842e <+26>: leave
0x0804842f <+27>: ret

End of assembler dump.
(gdb)

(more…)

Read Full Post »

Gnu Debugger not only can debug a program file but it can also do debugging with a running program.

Type the codes below and save it to ‘keypress.c’.

1 #include
2 main()
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }

Compile and run the program

$ gcc keypress.c -g -o keypress
$ ./keypress
Press any key to continue.

Open another Linux Terminal and type: ps -aux | grep keypress to find the PID number.

$ ps -aux | grep keypress
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
1000 3392 0.0 0.0 1820 244 pts/0 S+ 08:56 0:00 ./keypress
1000 3457 0.0 0.0 4188 788 pts/1 S+ 08:57 0:00 grep --color=auto keypress
$

Debug the program with gdb. In order to do that, you have to be root otherwise you will get the error below.

$ gdb -pid 3392 -silent
Attaching to process 3392
Could not attach to process. If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Operation not permitted.
(gdb)

Now, you can debug the program with gdb.

$ sudo gdb --pid 3392 -silent
[sudo] password for darklinux:
Attaching to process 3392
Reading symbols from /home/darklinux/keypress...done.
Reading symbols from /lib/i386-linux-gnu/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/i386-linux-gnu/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
0x00ba5416 in __kernel_vsyscall ()
(gdb) list
1 #include
2 main()
3 {
4 printf("Press any key to continue.\n");
5 getchar();
6 }
(gdb)

Read Full Post »

In this tutorial I will show you how to generate assembly language code from c using gcc.

First, type the c code below, save it to ‘hello.c’.

1 #include
2 main()
3 {
4 printf("Hello World!\n");
5 return 0;
6 }

To generate assembly code use option -S.

$ gcc -S hello.c -o hello.s

Check the result

$ ls -l hello.s
-rwxrwxr-x 1 darklinux darklinux 491 2018-12-29 18:10 hello.s
$

Open with text editor.

1 .file "hello.c"
2 .section .rodata
3 .LC0:
4 .string "Hello World!"
5 .text
6 .globl main
7 .type main, @function
8 main:
9 .LFB0:
10 .cfi_startproc
11 pushl %ebp
12 .cfi_def_cfa_offset 8
13 .cfi_offset 5, -8
14 movl %esp, %ebp
15 .cfi_def_cfa_register 5
16 andl $-16, %esp
17 subl $16, %esp
18 movl $.LC0, (%esp)
19 call puts
20 movl $0, %eax
21 leave
22 .cfi_restore 5
23 .cfi_def_cfa 4, 4
24 ret
25 .cfi_endproc
26 .LFE0:
27 .size main, .-main
28 .ident "GCC: (Ubuntu/Linaro 4.6.1-9ubuntu3) 4.6.1"
29 .section .note.GNU-stack,"",@progbits
30

(more…)

Read Full Post »

Assembly Language is the most difficult programming language to learn, to code and to maintain. It’s not portable because it depends on the type processors and operating system. Instruction code in Intel will be different with PowerPC, Motorola any other processors. Although AMD processor is Intel Compatible but not all codes in Intel can run on AMD.
Programming will take longer time because it will take more codes for just simple print ‘Hello word’. More codes mean more difficult to debug when there is a problem. I will show you later.

So, if it’s

-difficult to develop
-difficult to maintain
-not portable

Why do we still need programming in Assembly?

There are 2 main reasons:

-Assembly Language is Very efficient in term of space in Hard disk, space in Memory and Speed.
-Direct access to hardware

Assembly is very efficient in time consumption when related with speed. It take less memory space and hard disk space compare to other programs which is written in high level language that perform the same task.

Then people will say, now, hard disk and memory are getting cheaper, so space of hard disk and memory are not the issue. And compilers are getting “smarter”. It can generate codes that much more efficient in space and time efficiency.
So, why still assembly.
(more…)

Read Full Post »