Shellcode Decoding [Sitemap] - HeapOverflow Computer Security Community & Forums : Heap Overflow.com


Yog-Sotho
19-12-05, 10:40
Dudes, I need your hand.

I'd like to know some more info about shellcode decoding (tools, websites, papers) because I found out that I dunno much about it.

If you could point me to links or tools regarding this subject, I would be very grateful.

Tnx in advance!

Yog

class101
19-12-05, 10:49
I have some nice resources here that help to understand how to quickly test shellcodes in C code, how to build shellcodes from C code, etc. Very interesting work, for which I thank all the respective owners. Follow the links section, dude..

Yog-Sotho
19-12-05, 11:15
Yep, I've already tried to look into the recent submissions but I couldn't find a tool nor a paper describing exactly shellcode decoding.

That's why I asked in a new topic.

If you could be so kind as to just point me to a couple of links.....

:)

Tnx classy boy!

Yog

class101
19-12-05, 11:23
The best way, I think, is to compile the shellcode into an executable binary (win32), then with a debugger and VMware you follow the execution step by step. This is the best approach, I think, when you do not remember all the asm hardcoded functions (which is normal).

http://heapoverflow.com/f0rums/showthread.php?t=1132

Yog-Sotho
19-12-05, 11:39
Tnx dear friend!

The links you provided are nice and I'm eating (reading) stuff like I was starving!!

ehhehehe

One last thing:

I remember there was a nice website which decoded a shellcode into ASCII characters. Is this a good way to "translate" a shellcode?

Tnx
Yog

class101
19-12-05, 12:01
Don't think so, nope; maybe to recognize quickly how or by whom the shellcode was written, as with the Metasploit ones, which you can recognize 'cos they often start with the same header, but otherwise, don't think so, nope.

touk
08-02-06, 16:04

I agree, the best way to see what a sc is doing is to execute it :) but how do you turn a HEX string into something compilable? Or maybe I should ask, with what do you compile a SC?

class101
08-02-06, 23:52
/* 176-byte encoded payload as posted; the forum's line-wrapping had split
   several escapes into "\x 81", which does not compile, so those are rejoined. */
char shellcode[] =
"\x29\xC9\x83\xE9\xDA\xD9\xEE\xD9\x74\x24\xF4\x5B\x81\x73\x13\xD0"
"\x8A\x32\xF3\x83\xEB\xFC\xE2\xF4\x2C\x62\x76\xF3\xD0\x8A\xB9\xB6"
"\xEC\x01\x4E\xF6\xA8\x8B\xDD\x78\x9F\x92\xB9\xAC\xF0\x8B\xD9\xBA"
"\x5B\xBE\xB9\xF2\x3E\xBB\xF2\x6A\x7C\x0E\xF2\x87\xD7\x4B\xF8\xFE"
"\xD1\x48\xD9\x07\xEB\xDE\x16\xF7\xA5\x6F\xB9\xAC\xF4\x8B\xD9\x95"
"\x5B\x86\x79\x78\x8F\x96\x33\x18\x5B\x96\xB9\xF2\x3B\x03\x6E\xD7"
"\xD4\x49\x03\x33\xB4\x01\x72\xC3\x55\x4A\x4A\xFF\x5B\xCA\x3E\x78"
"\xA0\x96\x9F\x78\xB8\x82\xD9\xFA\x5B\x0A\x82\xF3\xD0\x8A\xB9\x9B"
"\xEC\xD5\x03\x05\xB0\xDC\xBB\x0B\x53\x4A\x49\xA3\xB8\xF4\xEA\x11"
"\xA3\xE2\xAA\x0D\x5A\x84\x65\x0C\x37\xE9\x5F\x97\xFE\xEF\x4A\x96"
"\xF0\xA5\x51\xD3\xA2\xEF\x55\x96\xB4\xE3\x46\xDD\xB5\xF2\x57\xF3";

/* Cast the byte array to a function pointer and jump into it. The array sits
   in a writable data section, so on a DEP-enabled build it has to be made
   executable first (e.g. VirtualProtect with PAGE_EXECUTE_READ) or the call
   faults; set a breakpoint on the call and step from there in the debugger. */
int main(void)
{
    int (*exec)(void) = (int (*)(void))shellcode;
    exec();
    return 0;
}



the exe will run regedit.exe
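The thread's two open questions (turning the posted hex string into bytes you can work with, and whether rendering a shellcode as ASCII tells you anything) can be answered on this very sample without running it. The 24-byte prologue of the posted shellcode is the well-known fnstenv-based XOR decoder stub (in my reading, the one the Metasploit "Pex" encoders of that era emitted, which is also why the header is recognizable): `sub ecx,ecx / sub ecx,-0x26` sets the loop count, `fldz / fnstenv [esp-0xc] / pop ebx` recovers EIP, and `xor dword [ebx+0x13], key / sub ebx,-4 / loop` unpacks the rest in place. Reading the two operands out of the stub lets you apply the same XOR statically. The script below is an added example of mine, not code from the thread; every function name is my own, and the only input is the string literal exactly as it was posted, stray forum spaces included.

```python
import re
import struct

# The shellcode exactly as it appears in class101's post above, including the
# stray spaces the forum inserted when it wrapped the long string ("\x 81").
POSTED_LITERAL = r'''
"\x29\xC9\x83\xE9\xDA\xD9\xEE\xD9\x74\x24\xF4\x5B\x 81\x73\x13\xD0"
"\x8A\x32\xF3\x83\xEB\xFC\xE2\xF4\x2C\x62\x76\xF3\x D0\x8A\xB9\xB6"
"\xEC\x01\x4E\xF6\xA8\x8B\xDD\x78\x9F\x92\xB9\xAC\x F0\x8B\xD9\xBA"
"\x5B\xBE\xB9\xF2\x3E\xBB\xF2\x6A\x7C\x0E\xF2\x87\x D7\x4B\xF8\xFE"
"\xD1\x48\xD9\x07\xEB\xDE\x16\xF7\xA5\x6F\xB9\xAC\x F4\x8B\xD9\x95"
"\x5B\x86\x79\x78\x8F\x96\x33\x18\x5B\x96\xB9\xF2\x 3B\x03\x6E\xD7"
"\xD4\x49\x03\x33\xB4\x01\x72\xC3\x55\x4A\x4A\xFF\x 5B\xCA\x3E\x78"
"\xA0\x96\x9F\x78\xB8\x82\xD9\xFA\x5B\x0A\x82\xF3\x D0\x8A\xB9\x9B"
"\xEC\xD5\x03\x05\xB0\xDC\xBB\x0B\x53\x4A\x49\xA3\x B8\xF4\xEA\x11"
"\xA3\xE2\xAA\x0D\x5A\x84\x65\x0C\x37\xE9\x5F\x97\x FE\xEF\x4A\x96"
"\xF0\xA5\x51\xD3\xA2\xEF\x55\x96\xB4\xE3\x46\xDD\x B5\xF2\x57\xF3";
'''

# "\x" followed by optional whitespace and two hex digits: tolerates the
# forum's "\x 81" wrapping artefact as well as clean "\x81".
ESCAPE = re.compile(r"\\x\s*([0-9A-Fa-f]{2})")


def parse_c_literal(text):
    """Turn a C "\\xNN\\xNN..." string literal into raw bytes."""
    return bytes(int(h, 16) for h in ESCAPE.findall(text))


# Opcode skeleton of the decoder prologue; None marks the sample-specific
# operands (imm8 loop count, imm32 XOR key) that we read back out.
STUB = [0x29, 0xC9,                     # sub ecx, ecx
        0x83, 0xE9, None,               # sub ecx, -count
        0xD9, 0xEE,                     # fldz
        0xD9, 0x74, 0x24, 0xF4,         # fnstenv [esp-0xc]
        0x5B,                           # pop ebx  (= address of fldz)
        0x81, 0x73, 0x13, None, None, None, None,  # xor dword [ebx+0x13], key
        0x83, 0xEB, 0xFC,               # sub ebx, -4
        0xE2, 0xF4]                     # loop
STUB_LEN = len(STUB)   # 24; ebx+0x13 = offset 5+0x13 = 24, where the body starts
COUNT_OFF, KEY_OFF = 4, 15


def match_xor_stub(sc):
    """Return (key, dword_count) if sc begins with the stub, else None."""
    if len(sc) < STUB_LEN:
        return None
    if any(want is not None and sc[i] != want for i, want in enumerate(STUB)):
        return None
    count = -struct.unpack("<b", sc[COUNT_OFF:COUNT_OFF + 1])[0]  # ecx = -imm8
    key = struct.unpack("<I", sc[KEY_OFF:KEY_OFF + 4])[0]
    return (key, count) if count > 0 else None


def decode(sc):
    """Apply the stub's XOR loop statically; the stub itself stays in front,
    exactly as memory looks once the loop has finished."""
    stub = match_xor_stub(sc)
    if stub is None:
        raise ValueError("prologue not recognised; step it in a debugger instead")
    key, count = stub
    body = sc[STUB_LEN:]
    if len(body) != count * 4:
        raise ValueError(f"stub decodes {count * 4} bytes but {len(body)} follow")
    keybytes = struct.pack("<I", key)  # little-endian, as the xor sees memory
    return sc[:STUB_LEN] + bytes(b ^ keybytes[i % 4] for i, b in enumerate(body))


def hexdump(data, width=16):
    """Hex plus ASCII column, i.e. the 'decode to ASCII' view from the thread."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {asc}")
    return "\n".join(lines)


def printable_strings(data, minlen=6):
    """Runs of printable ASCII, like the strings(1) utility."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % minlen, data)]


def to_c_literal(data, name="shellcode", width=16):
    """Regenerate the char[] literal, ready for the C harness posted above."""
    rows = ["".join(f"\\x{b:02X}" for b in data[i:i + width])
            for i in range(0, len(data), width)]
    return f"char {name}[] =\n" + "\n".join(f'"{row}"' for row in rows) + ";"


if __name__ == "__main__":
    sc = parse_c_literal(POSTED_LITERAL)
    key, count = match_xor_stub(sc)
    print(f"{len(sc)} bytes, XOR key 0x{key:08X}, {count} dwords encoded")
    decoded = decode(sc)
    print(hexdump(decoded))
    print("strings:", printable_strings(decoded))
```

Run as is, the script reports a key of 0xF3328AD0 and 38 encoded dwords, and the ASCII column of the decoded buffer ends in "cmd.exe /c regedit.exe", which agrees with the poster's description of what the exe does. The same ASCII view of the undecoded bytes shows nothing readable, which is the practical answer to the earlier question: rendering a shellcode as characters only pays off after the encoding layer has been stripped, and when a sample's prologue does not match a known stub, the script refuses rather than guessing, which is where the debugger approach from earlier in the thread takes over.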

touk
09-02-06, 11:18
OK!! So basically I can execute any char* with the exec function and attach my process to a debugger like OllyDbg or another one to see what is going on. Fine, thanks for your fast reply, I'm gonna play a bit :)

class101
09-02-06, 14:48
btw you can read these papers, which help a lot to understand shellcoding.

http://heapoverflow.com/f0rums/showthread.php?t=1129
http://heapoverflow.com/f0rums/showthread.php?t=1132

UN1V4C
19-05-06, 01:12
Hi! This is my first post and I hope that I won't look like some lamer :)

Can you tell me why make shellcode? [ some good things about it ]