Saturday, December 31, 2011

Writing Shell Code On/For Windows

Introduction
This article/tutorial assumes you have some common sense and some background knowledge.
I won't be explaining what shellcode, DLLs, memory addresses and so on are;
you should know that before starting on this.

Environment
Initially we will be focusing on creating Windows assembly. Linux is a very good
platform for developing assembly and shellcode, but because we are on Windows we'll
use Cygwin, which gives us the same toolchain (gcc, nasm, gdb) inside Windows.

Download the Cygwin installer from here:
http://www.cygwin.com/setup.exe

During the Cygwin installation you will be asked to select which packages you wish
to install. The following packages are useful for creating assembly and shellcode.

* Devel > binutils
* Devel > gcc
* Devel > make
* Devel > nasm
* Devel > gdb
* Editors > hexedit
* Editors > vim
* Net > netcat
* System > util-linux

Tools
Once you have the Cygwin environment set up, download the following tools and save them
inside your Cygwin home directory, in something like: C:\cygwin\home\Administrator\shellcode\
(where Administrator is your username).

xxd-shellcode.sh
Parses xxd output to extract raw shellcode
http://www.projectsh...xd-shellcode.sh

shellcode-compiler.sh
Automatically compiles the assembly code, extracts the raw shellcode, creates a Unicode-encoded version of the raw shellcode, injects your encoded shellcode into a "Template Exploit" (MS07-004) for testing, creates a C test program containing your shellcode, and then compiles it ready to execute!
http://www.projectsh...de-compiler.zip

arwin.c
Win32 DLL address resolution program: loads a DLL and prints the address of a named
function in it. Note that the address it prints is specific to the DLL version on your
own machine, so shellcode that hardcodes it will only work on systems with identical DLLs.
http://www.vividmach...ellcode/arwin.c

shellcodetest.c
http://www.vividmach...shellcodetest.c

findFunctionInDLL.sh
Finds which DLLs on your system contain a specific Windows function
http://www.projectsh...unctionInDLL.sh

Start up a bash shell from the Start menu and cd to your shellcode directory, such as:

cd /home/Administrator/shellcode

You now need to compile arwin.c with the following command:

gcc -o arwin arwin.c

You should now be able to run arwin by typing ./arwin, which displays its usage information.
We don't need to compile shellcodetest.c at this stage: once we have created our shellcode,
we place it into shellcodetest.c and compile that, which gives us a shellcodetest binary
that executes our shellcode so we can check it actually works.
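To show what a shellcodetest.c-style harness actually has to do, here is an added example written for this article (it is not the shellcodetest.c or arwin.c linked above). It copies the shellcode into memory that is readable, writable and executable, reports the length and any null bytes (a strcpy/sprintf based delivery stops at the first one), prints the bytes as a C "\x.." literal, and then jumps to them. The two sample payloads are constructed for this example and are x86/x86-64 only: both load 42 into eax and return, so the harness can check the result rather than just "not crashing". It builds with gcc under Cygwin or Linux; the native Windows branch using VirtualAlloc is an assumption for people building with MinGW rather than Cygwin.

```c
/* Added example: minimal shellcode test harness (not the page's shellcodetest.c).
 * Build: gcc -o harness harness.c && ./harness
 */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>      /* MinGW build: VirtualAlloc instead of mmap */
#else
#include <sys/mman.h>     /* Cygwin and Linux both provide mmap */
#endif

/* Constructed sample payload 1 (x86/x86-64): mov eax, 42 ; ret
 * The imm32 encoding of 42 carries three null bytes. */
const unsigned char sc_with_nulls[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };

/* Constructed sample payload 2 (x86/x86-64): push 42 ; pop eax ; ret
 * Same result, no null bytes. */
const unsigned char sc_null_free[] = { 0x6a, 0x2a, 0x58, 0xc3 };

/* Count null bytes: a strcpy()/sprintf() based delivery stops at the first one. */
size_t count_null_bytes(const unsigned char *sc, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (sc[i] == 0x00)
            n++;
    return n;
}

/* Render the bytes as the body of a C string literal ("\xb8\x2a...") into out.
 * Returns the number of characters written (without the terminator),
 * or -1 if out cannot hold len*4 characters plus the terminator. */
int format_c_literal(const unsigned char *sc, size_t len, char *out, size_t outlen)
{
    if (outlen < len * 4 + 1)
        return -1;
    for (size_t i = 0; i < len; i++)
        sprintf(out + i * 4, "\\x%02x", sc[i]);
    out[len * 4] = '\0';
    return (int)(len * 4);
}

/* Copy the payload into readable, writable and executable memory, call it
 * as a function, and hand back whatever it left in eax.
 * Returns -1 if the executable mapping could not be created. */
int run_shellcode(const unsigned char *sc, size_t len)
{
    void *mem;
#ifdef _WIN32
    mem = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (mem == NULL) {
        fprintf(stderr, "VirtualAlloc failed: %lu\n", (unsigned long)GetLastError());
        return -1;
    }
#else
    mem = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) {
        perror("mmap");
        return -1;
    }
#endif
    memcpy(mem, sc, len);

    /* Casting a data pointer to a function pointer is exactly what a
     * shellcodetest.c-style harness does: the bytes ARE the function. */
    int (*entry)(void) = (int (*)(void))mem;
    int rc = entry();

#ifdef _WIN32
    VirtualFree(mem, 0, MEM_RELEASE);
#else
    munmap(mem, len);
#endif
    return rc;
}

static void report(const char *name, const unsigned char *sc, size_t len)
{
    char literal[256];
    format_c_literal(sc, len, literal, sizeof literal);
    printf("%s: %zu bytes, %zu null bytes\n  \"%s\"\n",
           name, len, count_null_bytes(sc, len), literal);
    printf("  returned %d (expected 42)\n", run_shellcode(sc, len));
}

int main(void)
{
    report("mov eax,42 ; ret", sc_with_nulls, sizeof sc_with_nulls);
    report("push 42 ; pop eax ; ret", sc_null_free, sizeof sc_null_free);
    return 0;
}
```

Real shellcode is dropped into the same harness by replacing one of the sample arrays with the bytes your assembler produced; the null-byte count is the first thing to look at before you go near a target, since the first payload above "works" in the harness but would be truncated to a single byte by any string-copy based delivery.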

If you followed along you should now be ready to start developing shell code. 
