raywang edited this page Oct 14, 2017 · 6 revisions

Shellcoding

Manually

You can assemble a shellcode file with nasm, link it with gcc, and then debug the resulting binary in gdb. With your assembly in asm.S, run

nasm -f elf64 asm.S
gcc asm.o -o test

(On toolchains where gcc defaults to position-independent executables, add -no-pie to the gcc line; otherwise absolute references to .data symbols in hand-written assembly fail to link.)

A skeleton for this might look like

section .data
    msg db      "flag.txt", 0    ; NUL-terminated so it can be passed to a syscall as a path

section .text
    global main
main:
    ; your code goes here; finish with exit(0) so the binary terminates cleanly
    mov     rax, 60             ; SYS_exit
    xor     rdi, rdi            ; status 0
    syscall

Pwntools

Pwntools lets you write shellcode by hand and also provides commonly used building blocks such as sh or read in the shellcraft module.

First, import pwntools and set the context:

from pwn import *
context(arch='amd64', os='linux')

You can use asm to assemble assembly text into raw bytes, and enhex to hexlify those bytes. Note that the shellcraft helpers return assembly text, not bytes, so build the source first and assemble it once at the end.

shellcode  = 'lea rdi, [rip]\n'                # hand-written assembly
shellcode += shellcraft.mov("r10", "rax")       # shellcraft returns assembly text
shellcode += shellcraft.read('rax', 'rsp', 48)  # fd, buf, numBytes
shellcode  = asm(shellcode)                     # assemble the combined source into raw bytes
print(enhex(shellcode))

Debugging

To debug your shellcode, you can either write it out as a standalone executable or launch it under gdb directly from pwntools.

ELF.from_bytes(shellcode).save("./shellcode")

or

import time

io = gdb.debug_shellcode(shellcode, """
set disassembly-flavor intel
set height 0
b *0x6000b0
""")

time.sleep(10000) # There's a bug in pwntools where the gdb will close immediately unless you have this
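The two pwntools helpers used above, enhex and ELF.from_bytes, hide what actually happens when raw bytes become a debuggable executable. The following is an added example (not part of the wiki page and not pwntools code) that does the same job with only the Python standard library: it hexlifies a byte string, reports bytes that a C string copy would stop on, and wraps the bytes in a minimal static x86-64 ELF with a single read+execute PT_LOAD segment. The sample shellcode, the load address ELF_BASE and all function names are constructed for this example.

```python
import struct
from binascii import hexlify

# Constructed sample shellcode (not from the page): exit(0) on x86-64 Linux.
#   31 ff             xor edi, edi
#   b8 3c 00 00 00    mov eax, 60
#   0f 05             syscall
EXIT_SHELLCODE = bytes.fromhex("31ffb83c0000000f05")

# Assumed load address for the generated executable (a constructed choice,
# not the address pwntools uses).
ELF_BASE = 0x400000
EHDR_SIZE = 64   # size of a 64-bit ELF header
PHDR_SIZE = 56   # size of a 64-bit program header


def enhex(data: bytes) -> str:
    """Hexlify raw bytes, the same job pwntools' enhex does."""
    return hexlify(data).decode()


def find_bad_bytes(code: bytes, bad: bytes = b"\x00\x0a") -> list:
    """Return (offset, value) pairs for bytes that a string copy such as
    strcpy or gets would stop on. Locating them is the first check when
    shellcode arrives truncated or mangled."""
    return [(i, b) for i, b in enumerate(code) if b in bad]


def make_elf(code: bytes, base: int = ELF_BASE) -> bytes:
    """Wrap raw machine code in a minimal static x86-64 ELF executable:
    ELF header, one PT_LOAD segment (R+X) covering the whole file, then
    the code, with the entry point at the first byte of the code."""
    entry = base + EHDR_SIZE + PHDR_SIZE
    total = EHDR_SIZE + PHDR_SIZE + len(code)
    # e_ident: magic, ELFCLASS64, ELFDATA2LSB, EV_CURRENT, SYSV ABI, padding
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr += struct.pack(
        "<HHIQQQIHHHHHH",
        2,          # e_type      ET_EXEC
        0x3E,       # e_machine   EM_X86_64
        1,          # e_version   EV_CURRENT
        entry,      # e_entry
        EHDR_SIZE,  # e_phoff     program header directly follows the ELF header
        0,          # e_shoff     no section headers
        0,          # e_flags
        EHDR_SIZE,  # e_ehsize
        PHDR_SIZE,  # e_phentsize
        1,          # e_phnum
        0, 0, 0,    # e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack(
        "<IIQQQQQQ",
        1,          # p_type   PT_LOAD
        5,          # p_flags  PF_R | PF_X
        0,          # p_offset map the file from its first byte
        base,       # p_vaddr
        base,       # p_paddr
        total,      # p_filesz
        total,      # p_memsz
        0x1000,     # p_align
    )
    return ehdr + phdr + code


def elf_entry(elf: bytes) -> int:
    """Read e_entry back out of an ELF64 image (it sits at offset 24)."""
    return struct.unpack_from("<Q", elf, 24)[0]


def save_elf(code: bytes, path: str) -> int:
    """Write the wrapped code to disk; returns the number of bytes written."""
    image = make_elf(code)
    with open(path, "wb") as f:
        f.write(image)
    return len(image)


if __name__ == "__main__":
    print("hex:", enhex(EXIT_SHELLCODE))
    print("bad bytes:", find_bad_bytes(EXIT_SHELLCODE))
    print("wrote", save_elf(EXIT_SHELLCODE, "./shellcode"), "bytes to ./shellcode")
```

On an x86-64 Linux host, chmod +x ./shellcode && ./shellcode exits with status 0, and gdb ./shellcode with b *0x400078 stops on the first shellcode instruction (the entry address here follows from ELF_BASE and differs from the breakpoint in the pwntools example above). The bad-byte report for the sample shows the three NUL bytes inside mov eax, 60, which is exactly the kind of thing that silently truncates shellcode delivered through a C string.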