Shellcode Generation using C

Applications Programming
1

Hi,

I was just learning about buffer overflow attacks... I was curious as to how to generate a simple shellcode. I've written two codes - One is the typical program that has a vulnerability inside and the other is the shellcode.

main program:

void test();

int main() {
   test();
   return 0;
}

void test() {
   int *ret;
   ret = (int *)&ret + 2;
   (*ret) = (int)shellcode;
}

I was thinking of putting the shellcode into the shellcode found in the end which is a character array.

And as for the shellcode generation, I've written something like:

#include <unistd.h>

int main() {
  char buf[]="Hello World";
  write(1,buf,sizeof(buf));
  exit(0);
}

But I don't know how to generate the shellcode from this so that I can put it in the original program in the form of char shellcode[] = ...... How would I go about doing this? And yeah if this is the wrong forum, please move this post because I didn't know where else this has to be posted...

2

Imagine a program which normally prints "Hello World".

Then there is another program which uses that output...

char buf[32];
FILE *fp=popen("hello","r");
fread(buf,1,256,fp);
pclose(fp);

.. and it so happens that this always works because "hello" never returns more than 32 characters. One day it returns more, and then overruns the buffer affecting the return address. The function then returns into hyperspace.

3

And thats where the fun begins? :slight_smile: That was a great explanation. Thank you... I was actually trying to spawn a shell after reading a couple of articles but somehow couldn't properly understand Shellcode generation because most of the online articles say "To keep this article simple, I'd skip shellcode generation" and that was the instant when I thought of going for simple things - To generate one for atleast Hello World... Its funny that I got a shellcode itself for "Hello World" generation but I'm not searching for the answer instead the solution...