July 6th, 2005, 02:35 AM
Hey anyone been able to run shellcode in C#?
Alright, not totally the best topic, but I have to learn this .NET C# stuff for work and was messing around with it, but it's not totally how I would do it in C; there are some little differences. So I grabbed some shellcode from Metasploit (I'm lazy) for their Bind Shell and just can't get it to fire off. I guess I'm basically trying to get some help in porting it over.
Here is my C code
(warning: don't run it, it binds to port 1354; I also messed with the shellcode to keep script kiddies away)
unsigned char bunny =
int main(int argc, char **argv)
funky = (int (*)()) bunny;
July 8th, 2005, 09:27 AM
I've never programmed in C# before, in fact I'm not even sure why there's such a big craze with it... (anyone inform me??)
But yeah, the way pointers work in C# appears to require more syntax (and different) than C. This is how far I got with porting it; I still have no idea whether it's near correct, or whether it is algorithmically correct - I'd have to learn the syntax further.
So yeah, maybe it's a start, maybe it's not. You seem to be required to "format" pointers in C#
*p = <something goes here>
funky = int.Format((int)p,<something goes here> );
Let me know how you get on, I'm interested.
July 8th, 2005, 05:28 PM
I do believe that in order to use pointers anywhere in C#, you must declare the class, method, or block as "unsafe".... you may only declare and use pointers in those blocks.
static void Main()
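The `unsafe` requirement described in the post above, as an added example that is not part of the original thread: it pins a managed byte array with `fixed` and reads it through a raw pointer, next to the bounds-checked managed access. The class name, method names and sample bytes are made up for illustration, and the file has to be compiled with unsafe code enabled (`/unsafe`).

```csharp
using System;

static class UnsafePointerDemo   // hypothetical name, for illustration only
{
    // Pointer types are only legal inside an 'unsafe' method, block or type.
    static unsafe int SumViaPointer(byte[] data)
    {
        int total = 0;
        // 'fixed' pins the array so the garbage collector cannot move it
        // while the raw pointer p is in use.
        fixed (byte* p = data)
        {
            for (int i = 0; i < data.Length; i++)
            {
                // p[i] is plain pointer arithmetic: the runtime performs no
                // bounds check here, so the loop limit is the only guard.
                total += p[i];
            }
        }
        return total;
    }

    // The same read through the managed indexer, which is bounds-checked.
    static bool ManagedReadIsChecked(byte[] data, int index)
    {
        try
        {
            byte ignored = data[index];
            return false;                 // index was in range
        }
        catch (IndexOutOfRangeException)
        {
            return true;                  // runtime refused the access
        }
    }

    static void Main()
    {
        byte[] sample = { 1, 2, 3, 4 };   // constructed sample data
        Console.WriteLine(SumViaPointer(sample));
        Console.WriteLine(ManagedReadIsChecked(sample, sample.Length));
    }
}
```

The pointer version gives up the bounds checking and type safety that the managed indexer enforces, which is why the compiler refuses to build it unless unsafe code is explicitly allowed.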
July 8th, 2005, 11:11 PM
I'm not sure I understand. Do you have to get shellcode to work in C# for work? Or is that just something you were messing around with to learn C#? I've never seen anything about shellcode in C#, but then again I've never looked. Good luck anyway. Hopefully you get it figured out.
July 8th, 2005, 11:26 PM
Perhaps he is a 1337 |-|4x0|2... or perhaps he's just trying to write an uber-low-level service which listens on port 1354... IMO, what he's doing with it is his business... so long as he's not making it blatantly obvious that he's implementing this for some ill-intent, then...meh... I'll play dumb.
Originally posted here by h3r3tic
I'm not sure I understand. Do you have to get shellcode to work in C# for work? Or is that just something you were messing around with to learn C#?
July 9th, 2005, 05:24 AM
lol this is so funny....
embro1001, I'm a chick and I'm not being a 1337 |-|4x0|2 (wtf is that). No, I don't have to write it for work lol. I find the easiest way to learn a language is to make example programs and have some fun with it. This is just one little app I made just to try and learn a language, but I got stuck with it and asked for some help; since there isn't much about shellcode and C# out there, I thought someone on a security forum might help me out. So that's my big reason I guess. I can figure it out on my own, and if I figure it out then super; if not, it's not going to mean much.
July 9th, 2005, 05:46 AM
Sex seems to lose its meaning on these forums... I usually opt for the generic "he"... my bad.
embro1001, I'm a chick and I'm not being a 1337 |-|4x0|2 (wtf is that).
Rock on. Me too.
No I don't have to write it for work lol. I find the easiest way to learn a language is to make example programs and have some fun with it.
So you're a "chick", huh? Maybe we can get some coffee or something.
This is just one little app I made just to try and learn a language, but I got stuck with it and asked for some help; since there isn't much about shellcode and C# out there, I thought someone on a security forum might help me out.
Maybe some dinner... movie... WHOA! Offtopic! Sorry! Seriously though, I wasn't accusing you of anything... I was just making fun of h3r3tic's carefully doubt-filled questions. Three cheers.
So that's my big reason I guess. I can figure it out on my own and if I figure it out then super if not it's not going to mean much.
July 9th, 2005, 08:11 AM
C# is like Java, it handles memory management and garbage collection and yadda yadda. I'm probably wrong in saying this but I think it works as a rule of thumb. In Java, if you want a b. overflow, you need to break the Java machine itself. I think the same applies with C#. Break .NET and you can run shellcode.
I'm curious as well, if anyone can fill in the details it would be handy.
July 9th, 2005, 03:30 PM
You can do C/C++ style memory management by using the unsafe keywords and so on. It's all built in so you can deal with libraries built in C and C++ like DirectX.
You just need to do the proper amount of research and experimentation. You probably won't get much help on it here... most here are not that strong with development and even fewer actually use .NET.
July 9th, 2005, 04:57 PM
You're both right... The bytecode that .NET languages compile to (IL) behaves a lot like Java, but those "clever" M$haft engineers figured that people may still need to use unsafe code. If you look on their site, they really don't recommend it, as you can get some pretty unusual results if you're not careful (i.e., the .NET runtime goes kaput).
This is the first time I've ever seen someone attempt to do an overflow/sploit-like program in C#, though... it just seems too high-level.