killswitch-GUI
diff --git a/‎.DS_Store‎
10 KB b/‎.DS_Store‎
10 KB
diff --git a/‎README.md‎ b/‎README.md‎
diff --git a/‎shellcode/.DS_Store‎
6 KB b/‎shellcode/.DS_Store‎
6 KB
diff --git a/‎shellcode/README.md‎
Lines changed: 12 additions & 0 deletions b/‎shellcode/README.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎shellcode/system-execve-shell.c‎
Lines changed: 66 additions & 0 deletions b/‎shellcode/system-execve-shell.c‎
Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,12 @@
+# Using C to build OSX Shellcode 
+
+A small setup that I used to learn X86_x64 shellcode generation using ASM and compiled C code. 
+
+
+## OSX Setup
+
+Please ensure you have the following installed before starting to build.
+
+- Install XCode: `xcode-select --install`
+- Install Brew: `/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"`
+- Install Brew GCC: `brew install gcc`
@@ -0,0 +1,66 @@
+//#include <sys/syscall.h>
+
+
+/*
+1) compile code:
+/usr/local/Cellar/gcc/6.3.0_1/bin/gcc-6 -c test.c --shared -fpic -static -O0 -fno-asynchronous-unwind-tables -D LIB
+
+or for byte savings: (86 bytes)
+
+/usr/local/Cellar/gcc/6.3.0_1/bin/gcc-6 -c test.c --shared -fpic -static -O3 -fno-asynchronous-unwind-tables -D LIB
+
+2) link your code:
+ld test.o -o test -S -static -dylib -order_file order_file.txt
+
+2) get hex of shel code of section:
+gobjcopy -O binary --only-section=.text test test.output
+*/
+
+// int main1();
+
+// int myexec(char* arg1, long arg2, long arg3);
+
+static volatile int myexec(char * arg1, long arg2, long arg3) {
+	/*
+	 asm ( assembler template 
+           : output operands                  
+           : input operands                   
+           : list of clobbered registers      
+           );
+	// */
+	// int a=10, b;
+ //    asm ("movl %1, %%eax; 
+ //          movl %%eax, %0;"
+ //         :"=r"(b)        /* output */
+ //         :"r"(a)         /* input */
+ //         :"%eax"         /* clobbered register */
+ //         );       
+	volatile int x = 0;
+	int y = 0x200003b;
+	asm volatile( "movq  %4,%%rax;\n\t"
+		   "movq %1,%%rdi;\n\t"
+		   "mov %2,%%rsi;\n\t"
+		   "mov %3,%%rdx;\n\t"
+		   "syscall"
+		   :"=g"(x)
+		   :"g"(arg1),"g"(arg2),"g"(arg3),"g"(y)
+		   :"%rcx", "%r11", "%rax", "%rdi", "%rsi", "%rdx"
+		   );
+	return x;
+
+}
+
+int main1(char* mystring) {
+  // char mystring[] = {'/','b','i','n','/','s','h',0};
+  //seteuid(0);
+  //fork();
+  // write(1,mystring,8);		//size_t write(int fildes, const void *buf, size_t nbytes);
+  //system ("ls");
+  // char* command="/bin/sh"
+  myexec(mystring, 0, 0);
+  return 0;
+}
+
+
+
+