All geek questions in one place

Python shellcode evaluation method?

Evaluating a sample shellcode fragment using the C program is not difficult. This will include storing shellcode in an array of characters, creating a function pointer, casting the pointer into a pointer and pointing it to an array and calling the function (pointer).

Here's how it works if you can execute memory in nastycode[] :

 /* left harmless. Insert your own working example at your peril */ char nastycode[] = "\x00\x00\x00..."; void (*execute_ptr) (void); execute_ptr = (void *)nastycode; /* point pointer at nasty code */ execute_ptr(); /* execute it */

Is there a way to do the same using Python code? Or does the fact that Python code translates into bytecode make such an effort impossible?

+4
source share
3 answers

The only way this can be done is to rely on the C library. Buffer overflows can be injected into python from library bindings. For your purposes, you can write your own python library in c and implement something like example3.c in Aleph One Smashing the Stack for Fun and Profit . As Avilo remarked, you have to worry about NX zones, however any region of memory can be executed executable again, and it depends on the platform. GCC also uses default canary glasses. Although this can be avoided by simply rewriting the return address with the address passed to the function, which leaves an unused cannery. ASLR is a very good security system that is difficult to circumvent, but if you pass a known address to your shell code, ASLR should not be a problem.

+4
source

Its possible in python ... you can make your own C binding using ctypes or just use something like distorm

http://code.google.com/p/distorm/wiki/Python

You can also check how the dionea does it. Its a honeypot, but it will check the shellcode and give the results.

http://dionaea.carnivore.it/

0
source

This is what you are looking for;)

http://libemu.carnivore.it/

Since you are looking for python:

https://github.com/buffer/pylibemu

0
source

Source: https://habr.com/ru/post/1340473/

More articles:


All Articles