shellforge

A compiler that transforms a C program into Linux/x86 shellcode
shellforge Ranking & Summary

  • License: GPL
  • Price: FREE
  • Publisher Name: Philippe Biondi
  • Publisher web site: http://www.secdev.org/projects/etherpuppet

shellforge Description

ShellForge is a program written in Python that builds shellcodes from C. It is inspired by Stealth's Hellkit.

Some wrapper functions around system calls are defined in header files. The C program uses them instead of libc calls. ShellForge uses gcc to convert it into assembler. It then modifies it a bit, compiles it, extracts the code from the object, may encode it, and adds a loader at the beginning.

The available loaders are, for the moment:

  * xor : encode the shellcode to avoid null bytes and add a simple xor decoder
  * alpha : make an almost alphanumeric shellcode (see example)

Future evolutions:

  * Make shellforge able to generate shellcodes for more architectures, natively or using cross-compilers
  * Add more loaders (and finish the alpha loader)

Example:

Here is the hello world program (hello.c).

    #include "include/sfsyscall.h"

    int main(void)
    {
        char buf[] = "Hello world!\n";
        write(1, buf, sizeof(buf));
        exit(0);
    }

We can have the raw shellcode:

    $ ./shellforge.py hello.c
    ** Compiling hello.c
    ** Tuning original assembler code
    ** Assembling modified asm
    ** Retrieving machine code
    ** Computing xor encryption key
    ** Shellcode forged!
    \x55\x89\xe5\x83\xec\x24\x53\xe8\x00\x00\x00\x00\x5b\x83\xc3\xf4\x8b\x83\x67\x00\x00\x00\x89\x45\xf0\x8b\x83\x6b\x00\x00\x00\x89\x45\xf4\x8b\x83\x6f\x00\x00\x00\x89\x45\xf8\x0f\xb7\x83\x73\x00\x00\x00\x66\x89\x45\xfc\x8d\x4d\xf0\xba\x0e\x00\x00\x00\xb8\x04\x00\x00\x00\xc7\x45\xec\x01\x00\x00\x00\x53\x8b\x59\xfc\xcd\x80\x5b\xb8\x01\x00\x00\x00\xc7\x45\xec\x00\x00\x00\x00\x53\x8b\x59\xfc\xcd\x80\x5b\x5b\xc9\xc3\x48\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x21\x0a\x00

We can test it:

    $ ./shellforge.py -tt hello.c
    ** Compiling hello.c
    ** Tuning original assembler code
    ** Assembling modified asm
    ** Retrieving machine code
    ** Computing xor encryption key
    ** Shellcode forged!
    ** Compiling test program
    ** Running test program
    Hello world!
    ** Test done! Returned status=0

We can have the shellcode ready for C inclusion:

    $ ./shellforge.py -v0 -C hello.c
    unsigned char shellcode[] =
    "\x55\x89\xe5\x83\xec\x24\x53\xe8\x00\x00\x00\x00\x5b\x83\xc3\xf4\x8b\x83\x67"
    "\x00\x00\x00\x89\x45\xf0\x8b\x83\x6b\x00\x00\x00\x89\x45\xf4\x8b\x83\x6f\x00"
    "\x00\x00\x89\x45\xf8\x0f\xb7\x83\x73\x00\x00\x00\x66\x89\x45\xfc\x8d\x4d\xf0"
    "\xba\x0e\x00\x00\x00\xb8\x04\x00\x00\x00\xc7\x45\xec\x01\x00\x00\x00\x53\x8b"
    "\x59\xfc\xcd\x80\x5b\xb8\x01\x00\x00\x00\xc7\x45\xec\x00\x00\x00\x00\x53\x8b"
    "\x59\xfc\xcd\x80\x5b\x5b\xc9\xc3\x48\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64"
    "\x21\x0a\x00";
    int main(void) { ((void (*)())shellcode)(); }

We can use an xor loader to avoid \x00 bytes in the shellcode:

    $ ./shellforge.py -v0 -x hello.c
    \xeb\x0d\x5e\x31\xc9\xb1\x75\x80\x36\x02\x46\xe2\xfa\xeb\x05\xe8\xee\xff\xff\xff\x57\x8b\xe7\x81\xee\x26\x51\xea\x02\x02\x02\x02\x59\x81\xc1\xf6\x89\x81\x65\x02\x02\x02\x8b\x47\xf2\x89\x81\x69\x02\x02\x02\x8b\x47\xf6\x89\x81\x6d\x02\x02\x02\x8b\x47\xfa\x0d\xb5\x81\x71\x02\x02\x02\x64\x8b\x47\xfe\x8f\x4f\xf2\xb8\x0c\x02\x02\x02\xba\x06\x02\x02\x02\xc5\x47\xee\x03\x02\x02\x02\x51\x89\x5b\xfe\xcf\x82\x59\xba\x03\x02\x02\x02\xc5\x47\xee\x02\x02\x02\x02\x51\x89\x5b\xfe\xcf\x82\x59\x59\xcb\xc1\x4a\x67\x6e\x6e\x6d\x22\x75\x6d\x70\x6e\x66\x23\x08\x02

We can use an alpha loader to have an almost alphanumeric shellcode (give me some more time to get rid of the two last non alphanumeric bytes):

    $ ./shellforge.py -v0 -R --loader=alpha hello.c

The classic exec /bin/sh:

    #include "include/sfsyscall.h"

    int main(void)
    {
        char *a[] = {"/bin/sh", 0};
        /* first argument is the path, second is the argv array */
        execve(a[0], a, 0);
    }

More complex example: to make a shellcode that scans ports of localhost:

    #include "include/sfsyscall.h"
    #include "include/sfsocket.h"

    #define FIRST 1
    #define LAST 1024

    int main(void)
    {
        struct sockaddr_in sa;
        int s,i;
        char buf;

        sa.sin_family = PF_INET;
        sa.sin_addr.s_addr = 0x0100007f;  /* 127.0.0.1 in network byte order */
        i=FIRST-1;
        write(1,"begin end",4);
        close(1);
        exit(0);
    }
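The xor loader output above is a short decoder stub followed by the body XORed with a one-byte key. As an added example for analysis (not part of ShellForge or of the original page), the Python code below statically unpacks that sample without executing it. The stub layout is read off this one sample and is an assumption for other ShellForge versions; the names `unpack_xor_loader` and `guess_key` are hypothetical.

```python
import re
from collections import Counter

# Output of `./shellforge.py -v0 -x hello.c` as shown on this page, as hex.
SAMPLE = bytes.fromhex(
    "eb0d5e31c9b17580360246e2faeb05e8eeffffff"  # 20-byte decoder stub
    "578be781ee2651ea020202025981c1f689816502"  # encoded body starts here
    "02028b47f28981690202028b47f689816d020202"
    "8b47fa0db58171020202648b47fe8f4ff2b80c02"
    "0202ba06020202c547ee0302020251895bfecf82"
    "59ba03020202c547ee0202020251895bfecf8259"
    "59cbc14a676e6e6d22756d706e66230802"
)

# Stub layout (assumed from the sample): jmp/call/pop locates the body, then
# mov cl,LEN ; xor byte [esi],KEY ; inc esi ; loop. LEN and KEY are wildcards.
STUB = re.compile(
    rb"\xeb\x0d\x5e\x31\xc9\xb1(.)\x80\x36(.)"
    rb"\x46\xe2\xfa\xeb\x05\xe8\xee\xff\xff\xff",
    re.DOTALL,
)

def unpack_xor_loader(blob):
    """Return (key, decoded_body), or None if blob does not start with the stub."""
    m = STUB.match(blob)
    if m is None:
        return None
    length, key = m.group(1)[0], m.group(2)[0]
    body = blob[m.end():m.end() + length]
    if len(body) != length:
        return None  # capture is truncated
    return key, bytes(b ^ key for b in body)

def guess_key(body):
    """Stub-independent heuristic: x86 code is full of 0x00 bytes and each one
    encodes to the key itself, so the most frequent byte is the likely key."""
    return Counter(body).most_common(1)[0][0]

if __name__ == "__main__":
    key, code = unpack_xor_loader(SAMPLE)
    print(f"key=0x{key:02x} length={len(code)}")
    print(f"frequency guess=0x{guess_key(SAMPLE[20:]):02x}")
    print("int 0x80 sites:", code.count(b"\xcd\x80"))
    print("trailing data:", code[-14:])
```

The frequency heuristic is why a single-byte XOR loader removes null bytes but does little against signature matching: the key can be recovered from the encoded bytes alone.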

