Last active
June 4, 2021 10:46
-
-
Save febnug/07c8d2da1698fdaec17253e3cb933a51 to your computer and use it in GitHub Desktop.
redirect function pake shellcode
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // solusi yang saya tulis di : | |
| // https://stackoverflow.com/questions/59536438/calling-x86-local-function-using-shellcode | |
| #include <stdio.h> | |
| #include <string.h> | |
| void redirect() { | |
| FILE *out = fopen("redirect.txt", "w"); | |
| fprintf(out, "REDIRECT WORKED"); | |
| fclose(out); | |
| } | |
| void f_func() { | |
| // unsigned char *f_code_original = "\x55\x48\x89\xe5\x48\x83\xec\x10\xb8\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x89\x45\xfc\xb8\x2a\x00\x00\x00\xc9\xc3"; | |
| // unsigned char f_code_modified[] = "\x55\x48\x89\xe5\x48\x83\xec\x10\xb8\x00\x00\x00\x00\xe8\xbb\x84\x04\x08\xb8\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x89\x45\xfc\x8b\x45\xfc\xc9\xc3"; | |
| // Here shellcode, I wrote : | |
| unsigned char *test_shellcode = "\x55\x48\x89\xe5\x48\x83\xec\x10\xb8\xbb\x84\x04\x08\xff\xd0\x89\x45\xfc\x8b\x45\xfc\xc9\xc3"; | |
| // unsigned char *test_shellcode2 = "\x55\x48\x89\xe5\x48\x83\xec\x10\xb8\xbb\x84\x04\x08\xff\xd0\xb8\x00\x00\x00\x00\xe8\xa3\x7f\xfb\xf7\x89\x45\xfc\x8b\x45\xfc\xc9\xc3"; | |
| int value = 0; | |
| int (*f)() = (int (*)())test_shellcode; | |
| value = f(); | |
| printf("%d\n", value); | |
| } | |
| int main(int argc, char **argv) { | |
| f_func(); | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global _start | |
| section .text | |
| _start: | |
| push ebp | |
| dec eax | |
| mov ebp, esp | |
| dec eax | |
| sub esp, 0x10 | |
| mov eax, 0x080484bb ; redirect() function address | |
| call eax | |
| mov dword [ebp-0x4], eax | |
| mov eax, dword [ebp-0x4] | |
| leave | |
| ret |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| global _start | |
| section .text | |
| _start: | |
| push ebp | |
| dec eax | |
| mov ebp, esp | |
| dec eax | |
| sub esp, 0x10 | |
| mov eax, 0x80484bb ; redirect() function address | |
| call eax | |
| mov eax, 0x0 | |
| call 0x1c | |
| mov dword [ebp-0x4], eax | |
| mov eax, dword [ebp-0x4] | |
| leave | |
| ret |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment