- 🇬🇧 Github book about hacking
- 🇬🇧 Some useful online tools - This can help you create shellcode.
- 🇬🇧 Buffer Overflow EIP Offset String Generator
- 🇬🇧 Smash stack
- 🇫🇷 Introduction to buffer overflows
- 🇫🇷 Introduction to binary reverse engineering
- 🇫🇷 Write your first shellcode in x86 asm!
checksec --file your_binary
displays information about the executable's protections (RELRO, stack canary, NX, PIE...).

readelf -l your_elf_binary | grep GNU_STACK
displays the flags of the stack segment, useful to quickly know whether the stack is executable (RWE) or not (RW).
When debugging shellcode, prepend \xcc (int3): it is the software breakpoint instruction GDB itself uses, so execution stops on it and control returns to the debugger.
You can use Python's struct module to convert an integer address into its little-endian byte string easily.
>>> import struct
>>> struct.pack("<I", 0x080483f4)   # "<" = explicit little-endian, as used on x86
'\xf4\x83\x04\x08'                   # Python 2 output; Python 3 prints b'\xf4\x83\x04\x08'
Easily generate a string like AAAABBBBCCCC... (full length 104, i.e. 26 letters x 4 bytes):
>>> import string
>>> "".join(x for x in string.ascii_uppercase for _ in range(4))
'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSSTTTTUUUUVVVVWWWWXXXXYYYYZZZZ'
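As an added example (not part of the original notes, nor code from any of the linked tools), the struct and pattern snippets above combined into a small Python 3 offset finder: it builds the page's AAAABBBB... string, goes beyond it with a Metasploit-style cyclic pattern for inputs longer than 104 bytes, and maps a crash EIP value read in gdb back to its offset with the same struct.pack call. The function names and the EIP value 0x35624134 are constructed for this example.

```python
import string
import struct


def simple_pattern(width=4):
    """The page's AAAABBBBCCCC... pattern: 26 letters x width bytes (104 bytes for width 4)."""
    return "".join(letter * width for letter in string.ascii_uppercase)


def cyclic_pattern(length):
    """Metasploit-style Aa0Aa1Aa2... pattern: every 4-byte window is unique up to 20280 bytes."""
    if length > 20280:
        raise ValueError("beyond 20280 bytes the 4-byte windows repeat, so offsets become ambiguous")
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pack_address(addr):
    """Pack a 32-bit value little-endian, exactly like struct.pack("<I", addr) on the page."""
    return struct.pack("<I", addr)


def pattern_offset(pattern, eip_value):
    """Map the faulting EIP (integer as shown by gdb) back to its offset in the pattern.

    EIP holds 4 pattern bytes loaded little-endian, so packing the value with "<I"
    recovers the bytes in the order they appeared in the input.
    Returns -1 when the value is not part of the pattern (the crash is not at a
    position covered by our input, so the offset cannot be read from it).
    """
    needle = pack_address(eip_value).decode("latin-1")
    return pattern.find(needle)


if __name__ == "__main__":
    pat = cyclic_pattern(200)
    # Constructed crash value: EIP = 0x35624134, i.e. the bytes "4Ab5" of the pattern
    print(pattern_offset(pat, 0x35624134))  # 44
```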
You can use GDB PEDA (Python Exploit Development Assistance) to enhance your GDB; the script below fetches it into /tmp/peda.
#!/bin/bash -e
# Fetch PEDA (peda.py plus its lib/ modules) into /tmp/peda.
FILE="utils.py skeleton.py six.py shellcode.py nasm.py config.py"
mkdir -p /tmp/peda/lib
cd /tmp/peda
# -f makes curl fail (and, with -e, abort the script) on an HTTP error instead of
# saving the error page as peda.py. The original -k (skip TLS certificate checks)
# is dropped: what is downloaded here is Python that gdb will execute.
curl -fsS -O https://raw.githubusercontent.com/longld/peda/master/peda.py
cd lib
for i in $FILE
do curl -fsS -O https://raw.githubusercontent.com/longld/peda/master/lib/$i
done
cd /tmp/peda
chmod -R +rx .
cd "$HOME"
# Reminder printed in red (echo -e is required for bash's builtin echo to interpret \033)
echo -e "\033[31mNE PAS OUBLIER l'ALIAS GDB :\033[0m"
echo 'alias gdb="/usr/bin/gdb -x /tmp/peda/peda.py -q "'