How can I learn to form strings in shellcodes?


(Yogi4you) #1

I am completely new to shellcode development. I am fairly good with assembly and C. It contains a character string like:

char shellcode[] =
"\x31\xc0\xeb\x13\x5e\x6a\x0f\x56\x6a\x01\xb0\x04\x50\xcd\x80"
"\x31\xc0\x50\x50\xb0\x01\xcd\x80\xe8\xe8\xff\xff\xff\x48\x65"
"\x6c\x6c\x6f\x2c\x20\x77\x6f\x72\x6c\x64\x20\x21\x0a";

What is it? I don't seem to understand it. And how can I learn to create it for use? Can you throw some light?


(pico) #2

Hi @yogi4you

Check for instance this post:

And this

The links on this page may also help you to understand that string.


(Yogi4you) #3

Thanks for the above links. And I’ve read your “Programming for Wannabes” series. It’s brilliant. Please continue that series, it’s been a long time since your last post.


(pico) #4

Thanks @yogi4you! I'm glad to hear you liked the series. I've been very busy lately, I'll try my best to continue the series whenever things calm down.

Also, regarding your initial question, there are many different ways to generate the asm out of a hex sequence. The rasm2 tool included in radare2 is a powerful solution as it supports many different architectures (for Intel you can also use ndisasm, for instance).

Something like this:

echo -e "\x31\xc0\xeb\x13\x5e\x6a\x0f\x56\x6a\x01\xb0\x04\x50\xcd\x80\x31\xc0\x50\x50\xb0\x01\xcd\x80\xe8\xe8\xff\xff\xff\x48\x65\x6c\x6c\x6f\x2c\x20\x77\x6f\x72\x6c\x64\x20\x21\x0a" | rasm2 -d -B -f -
xor eax, eax
jmp 0x17
pop esi
push 0xf
push esi
push 1
mov al, 4
push eax
int 0x80
xor eax, eax
push eax
push eax
mov al, 1
int 0x80
call 4
dec eax
insb byte es:[edi], dx
insb byte es:[edi], dx
outsd dx, dword [esi]
sub al, 0x20
ja 0x94
jb 0x93
and byte fs:[ecx], ah
or cl, byte [edx]

The strange opcodes at the end, after call 4, are the Hello World! string
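The disassembly above shows the classic jmp/call/pop layout: the `jmp 0x17` at offset 2 lands on the `call` at offset 23, the call's negative displacement (0xffffffe8 = -24) jumps back to the `pop esi` at offset 4, and because `call` pushes its return address, `esi` ends up holding the address of the bytes that follow the call, which are the string. The `push 0xf` is the string length (15) and the two `mov al, N; int 0x80` pairs are syscalls 4 and 1 (with the arguments pushed on the stack, which is how the BSD-style `int 0x80` convention passes them). The following C program is an added example, not code from the thread or from radare2; it takes the exact bytes from the question and recovers that layout statically, without ever executing the blob, which is what you want when you are looking at an unknown sample. The helper names (`find_jmp_call_pop`, `syscall_numbers`, `jcp_layout`) are my own.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The byte sequence from the question, copied verbatim (43 bytes). */
static const unsigned char shellcode[] =
    "\x31\xc0\xeb\x13\x5e\x6a\x0f\x56\x6a\x01\xb0\x04\x50\xcd\x80"
    "\x31\xc0\x50\x50\xb0\x01\xcd\x80\xe8\xe8\xff\xff\xff\x48\x65"
    "\x6c\x6c\x6f\x2c\x20\x77\x6f\x72\x6c\x64\x20\x21\x0a";
static const size_t shellcode_len = sizeof(shellcode) - 1; /* drop the C NUL */

/* Offsets (relative to the blob start) of the jmp/call/pop pieces. */
struct jcp_layout {
    size_t jmp_off;  /* short jmp (EB rel8) that jumps forward to the call */
    size_t call_off; /* call (E8 rel32) that jumps back to the pop */
    size_t pop_off;  /* pop r32 (58..5F) that receives the string address */
    size_t str_off;  /* first byte of the embedded string (right after the call) */
    size_t str_len;  /* bytes from there to the end of the blob */
};

/* Locate the jmp/call/pop pattern. Returns 1 and fills *out on success,
 * 0 if the bytes do not follow that layout. Nothing is executed. */
int find_jmp_call_pop(const unsigned char *sc, size_t n, struct jcp_layout *out)
{
    for (size_t i = 0; i + 1 < n; i++) {
        if (sc[i] != 0xEB) continue;                     /* EB ib: jmp short */
        int8_t rel8 = (int8_t)sc[i + 1];
        ptrdiff_t call = (ptrdiff_t)(i + 2) + rel8;      /* target = next ip + rel8 */
        if (call < 0 || (size_t)call + 5 > n || sc[call] != 0xE8) continue;

        /* Decode the rel32 byte by byte so this works on any host endianness. */
        uint32_t u = (uint32_t)sc[call + 1] | ((uint32_t)sc[call + 2] << 8) |
                     ((uint32_t)sc[call + 3] << 16) | ((uint32_t)sc[call + 4] << 24);
        int32_t rel32 = (int32_t)u;
        ptrdiff_t pop = call + 5 + rel32;                /* target = next ip + rel32 */
        if (pop < 0 || (size_t)pop >= n) continue;
        if (sc[pop] < 0x58 || sc[pop] > 0x5F) continue;  /* must land on a pop r32 */

        out->jmp_off  = i;
        out->call_off = (size_t)call;
        out->pop_off  = (size_t)pop;
        out->str_off  = (size_t)call + 5;                /* the pushed return address */
        out->str_len  = n - out->str_off;
        return 1;
    }
    return 0;
}

/* For every "int 0x80" (CD 80), record the immediate of the closest preceding
 * "mov al, imm8" (B0 ib). This is a byte-pattern heuristic, not a disassembler,
 * so it can be fooled by data bytes that happen to look like opcodes. */
size_t syscall_numbers(const unsigned char *sc, size_t n, unsigned *out, size_t max)
{
    size_t count = 0;
    unsigned cur = 0;
    int have = 0;
    for (size_t i = 0; i + 1 < n; i++) {
        if (sc[i] == 0xB0) { cur = sc[i + 1]; have = 1; i++; continue; }
        if (sc[i] == 0xCD && sc[i + 1] == 0x80 && have && count < max) {
            out[count++] = cur;
            have = 0;
            i++;
        }
    }
    return count;
}

int main(void)
{
    struct jcp_layout l;
    if (!find_jmp_call_pop(shellcode, shellcode_len, &l)) {
        puts("no jmp/call/pop layout found");
        return 1;
    }
    printf("jmp @%zu -> call @%zu -> pop @%zu\n", l.jmp_off, l.call_off, l.pop_off);
    printf("string @%zu (%zu bytes): ", l.str_off, l.str_len);
    fwrite(shellcode + l.str_off, 1, l.str_len, stdout);   /* "Hello, world !\n" */

    unsigned nrs[8];
    size_t k = syscall_numbers(shellcode, shellcode_len, nrs, 8);
    for (size_t i = 0; i < k; i++)
        printf("int 0x80 #%zu with eax = %u\n", i + 1, nrs[i]);
    return 0;
}
```

Two things worth checking against the rasm2 listing: the recovered string length (15) is exactly the `push 0xf` argument, and the string really is "Hello, world !\n" rather than "Hello World!", which you can confirm by reading the last 15 bytes of the hex as ASCII. The same static pass is a cheap first triage step for any blob that uses the call-then-pop trick to find its own data.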