May 19, 2012

windows shellcode 1: Introduction

Ok, this is another shellcode tutorial. However, this time I'm gonna focus on windows shellcoding technique.

In the previous shellcode tutorial, I'm using linux as my environment. After research and google for a while, I think it's time to write something about windows shellcode.

The most significant difference between linux shellcode and windows shellcode is that when writing linux shellcode we use system call to achieve the goal we want. However, in windows, the system call will various in different version. Therefore, when writing windows shellcode, we have to use windows API to achieve the goal.

There are several  ways to get the windows API address and the most simple one is using GetProcAddress() and LoadLibraryA() in kernel32.dll.
I use the following C program to demonstrate how to use these two API.

#include <windows.h>
#include <stdio.h>
int main() {
    unsigned int api_addr = 0;
    api_addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "ExitProcess");
    printf("address 0x%x\n", api_addr);

In the above example the api_addr will contains the virtual address of ExitProcess().
P.S You can get more information of windows API in MSDN.

After knowing the address of ExitProcess, it's time to write a simple shellcode that will exit the program.

.global _main
    pushl $0;
    movl $0xdeadbeef, %ebx;
    call *%ebx;

In the above assembly code, you have to change the $0xdeadbeef to the API address the previous C program output to you. And the reason why using call *%ebx instead of call $0xdeadbeef is that when using call $0xdeadbeef the assembler will compile the code into a relative call instead of a direct call; therefore the result may not be what we are expected. I have mentioned this in the previous post. If you want u can check here.

This post is only a brief introduction of windows shellcode, I will post more advanced technique and shellcode later these days.

May 15, 2012

Some Great Python Tools

Recently, I start to learn python since it is very convenient and powerful. And I'm gonna introduce some great python tools that will be very helpful in the future work.

1. pip
The first one is pip. It is a tool that will help you managing the python packages. A great replacement for easy_install, but more powerful.
In Ubuntu, you can simply install pip by typing
sudo apt-get install python-pip

or you can download the package from the following link
untar the file and type
sudo python

U can use pip to install python package either from web site or tar files.
pip search $PACKAGE_NAME
and it will search the package 4 u.

simply type
pip install $PACKAGE_NAME
will help u install the package to your system.

2. virtualenv & virtualenvwrapper
The second tool I'm gonna introduce is virtualenv. It is a tool to help u creating a virtual python environment to solve the consistency problem.
In Ubuntu, simply type
sudo apt-get install python-virtualenv

or u can use pip to help you install virtualenv, just type
sudo pip install virtualenv

And if you have many projects that need to be managed, virtualenvwrapper is a very good choice. The tools contains some wrapper function from virtualenv and help u ease your job.

If u want to get familiar with virtualenv and virtualenvwrapper the following links are some good tutorials about these tools.

3. scapy
scapy is a very powerful tool for packet manipulation and packet sniffing. If you want to play with packets and learn some internet protocols or doing some internet forensic or pen-testing it is a very useful tools. The official documentation is great start to learn scapy. I will also post some tutorial of how to use scapy in the future.

want to install just type
sudo pip install scapy
sudo apt-get install python-scapy

4. Django or Pyramid
Django and Pyramid are both high-level web framework for programmers to develop their own web project in a rapid way. In short, they are "ruby on rails " in python :P
Even though both tools can help people organize their web framework, but they are still different.
The comparison of these two framework can be found in these links.
There are still more, you can just google for that.

Here are some links that will help u dig deeper in Django.

And also some links for Pyramid

5. Scrapy
Scrapy is a high-level python web crawling framework. If you want to design some web robot or web spider, Scrapy is a good choice.

The documentation of scrapy is right here

want to install just type
sudo pip install scrapy
sudo apt-get install python-scrapy