UNIX Assembly Components for Proof of Concept Codes
Introduction
This project contains a set of assembly components for proof of concept codes on different operating systems and architectures. These components were carefully designed and implemented for maximum reliability, following strict coding standards and requirements, such as system call invocation standards and position-independent, register-independent and zero-free code. Special attention was paid to code length when designing and implementing them, resulting in the most reliable and shortest codes for such purpose available today.
Code length
| Operating System and Architecture | bndsockcode (bytes) | cntsockcode (bytes) | fndsockcode (bytes) |
| --- | --- | --- | --- |
| BSD x86 | 73 | 64 | 60 |
| Linux x86 | 78 | 71 | 62 |
| Mac OS X x86 | 74 | 65 | 61 |
| Solaris x86 | 95 | 91 | 86 |
Code functionality
These components differ in their actual functionality and in the impact of their practical application. A brief description of the functionality of some of them follows.
Network server code (bndsockcode)
This code creates a listening TCP socket on a port defined at BNDSOCKPORT offset of bndsockcode routine (its value is set to 1234 by default). Upon accepting a connection, it duplicates the socket descriptor of the remote TCP endpoint to the process standard descriptors (stdin, stdout and stderr) and executes an interactive shell.
Network connect code (cntsockcode)
This code establishes a TCP connection with a remote IP address and port defined at the CNTSOCKADDR and CNTSOCKPORT offsets of the cntsockcode routine (their values are set to 127.0.0.1 and 1234 by default, respectively). Upon establishing a connection, it duplicates the socket descriptor of the remote TCP endpoint to the process standard descriptors (stdin, stdout and stderr) and executes an interactive shell.
Find socket code (fndsockcode)
This code walks the process descriptor table in search of a socket descriptor of the remote TCP endpoint identified by a port number defined at the FNDSOCKPORT offset of the fndsockcode. If such an endpoint is located, the loop is terminated and the found socket descriptor is duplicated onto the process standard descriptors (stdin, stdout and stderr).
Prior to executing the fndsockcode, a client software should establish a TCP connection with the process in whose context the code is to be executed. The code data at the FNDSOCKPORT offset of fndsockcode should also be set appropriately to assure proper identification of the client's connection.
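All three components described above end in the same observable state: the process's stdin, stdout and stderr are duplicates of a TCP socket. That state is something a host-based detection can look for. The following Python script is an added example written for this page, not code from the unixasm project; it resolves each entry of /proc/<pid>/fd on Linux (the /proc layout, the `socket:[inode]` link format and the constructed sample descriptor tables are assumptions of the example) and flags processes whose three standard descriptors all point at sockets.

```python
"""Flag processes whose standard descriptors are bound to sockets.

Added example, not part of the unixasm project. On Linux, /proc/<pid>/fd/<n>
is a symlink whose target reads "socket:[<inode>]" when descriptor n is a
socket; a process with fd 0, 1 and 2 all resolving to a socket matches the
state left behind by bndsockcode, cntsockcode and fndsockcode.
"""
import os
import re
from typing import Dict, List

# Link target format used by the Linux procfs for socket descriptors.
SOCKET_LINK = re.compile(r"^socket:\[\d+\]$")
STD_FDS = (0, 1, 2)


def stdio_on_socket(fd_links: Dict[int, str]) -> bool:
    """True when stdin, stdout and stderr all resolve to a socket."""
    return all(SOCKET_LINK.match(fd_links.get(fd, "")) is not None for fd in STD_FDS)


def read_fd_links(pid: int) -> Dict[int, str]:
    """Resolve every descriptor of a live process via /proc (Linux only).

    Descriptors that vanish between listdir() and readlink(), and processes
    we are not allowed to inspect, are skipped rather than treated as errors.
    """
    fd_dir = f"/proc/{pid}/fd"
    links: Dict[int, str] = {}
    try:
        for name in os.listdir(fd_dir):
            try:
                links[int(name)] = os.readlink(os.path.join(fd_dir, name))
            except (OSError, ValueError):
                continue
    except OSError:
        pass
    return links


def scan_processes(fd_tables: Dict[int, Dict[int, str]]) -> List[int]:
    """Return the pids whose stdio is socket-backed, given pid -> fd table."""
    return sorted(pid for pid, links in fd_tables.items() if stdio_on_socket(links))


def scan_live() -> List[int]:
    """Scan the running system through /proc (Linux)."""
    pids = [int(n) for n in os.listdir("/proc") if n.isdigit()]
    return scan_processes({pid: read_fd_links(pid) for pid in pids})


# Constructed sample descriptor tables: a daemon that merely owns a socket,
# an interactive shell on a pty, and a shell whose stdio is a TCP socket.
SAMPLE_FD_TABLES = {
    101: {0: "/dev/null", 1: "/dev/null", 2: "/dev/null", 3: "socket:[12345]"},
    202: {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"},
    303: {0: "socket:[67890]", 1: "socket:[67890]", 2: "socket:[67890]"},
}

if __name__ == "__main__":
    print("suspicious pids in sample:", scan_processes(SAMPLE_FD_TABLES))
    if os.path.isdir("/proc"):
        print("suspicious pids on this host:", scan_live())
```

The check is a triage signal, not a verdict: services launched by inetd/xinetd or by socket activation legitimately run with their stdio on a socket, so a real deployment should join the flagged pid with its command name (`/proc/<pid>/comm`) and parent to separate an expected daemon from an unexpected shell.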
Download
| Filename | md5sum |
| --- | --- |
| unixasm-1.1.0.tar.gz | 7acca0d1774b5bc17f886e2fbed28efb |
| unixasm-1.0.0.tar.gz | fc13f3ccec0ad1229966cbedb1d54ea5 |
This project is maintained by Ramon de Carvalho Valle <ramon at risesecurity dot org>.