How do I make this simple shellcode c program compile from terminal?

StackOverflow https://stackoverflow.com/questions/11334454

Frage

I am trying to compile this using the terminal on ubuntu 12:

#include <stdio.h>

#include <stdlib.h>

main()

{
    /*declare argument array*/
    char *args[2];

    args[0] = “/bin/bash”;
    args[1] = NULL;

    execve(args[0], args, NULL);

    exit(0);
}

I found this example on http://www.securitytube.net/video/235 which also happened to be the one Aleph One used in 'Smashing the Stack for Fun and Profit'. I am aware that much has changed since then. In more simple examples I have used:

gcc -ggdb -mpreferred-stack-boundary=2 -fno-stack-protector filename filename.c

Other times I may include the static utility. It has worked up until I have tried to compile the C code above. The message I receive from the terminal is:

ss@ss-laptop:~$ gcc -static -mpreferred-stack-boundary=2 -fno-stack-protector -o shell         shell.c
shell.c: In function ‘main’:
shell.c:9:2: error: stray ‘\342’ in program
shell.c:9:2: error: stray ‘\200’ in program
shell.c:9:2: error: stray ‘\234’ in program
shell.c:9:15: error: expected expression before ‘/’ token
shell.c:9:15: error: stray ‘\342’ in program
shell.c:9:15: error: stray ‘\200’ in program
shell.c:9:15: error: stray ‘\235’ in program
ss@ss-laptop:~$

I understand that this is a very simple example and that this error is probably caused by current standard security measures in linux but I would like to get around them to practise with this example and more in the future. If anyone can help, it would be 'smashing'.

cheers

War es hilfreich?

Lösung

You have "smart" quotes around your string literal,

“/bin/bash”;

try using ordinary quotes ".

Andere Tipps

I think that this has nothing to do with security and instead is the following line:

args[0] = “/bin/bash”;

The quote characters you're using to delimit the string are not the standard ASCII quote character; instead, they're pretty Unicode characters for quotes.

Try rewriting this as 

args[0] = "/bin/bash";

by replacing the quote characters with fresh double-quotes.

As an aside - it's provably impossible for the compiler to detect all programs that might launch a shellcode. I would be shocked if any standard compiler would do anything at all to stop programs from compiling due to security holes.

Hope this helps!

Thanks for the rapid responses everyone. I have learned a few things:

1) Copy and paste is stupid

2) Dont copy and paste

3) check my quotation marks anyway

The answer was the quotation marks. I deleted and typed them again. *Sigh.

Cheers

I'm a newb - I'm the first one to admit it.

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top