Shellcoding

Development Code
1

Hey guys I'm relatively new to C and shellcoding and what not. Started off with the basics which keep giving me an error, no matter how simple - Seg Fault.

How do I fix this?

This is the guide I was following and I did it step by step: http://projectshellcode.com/node/18.

Every assembly file I see says BITS 32 at the top. Does that mean it will only work on 32 bit machines? I'm running Windows 10 on x86_64. 

Revolt@WIN-PVEOMTF8PL0 /shellcode
$ ls
arwin.c    findFunctionInDLL.sh   shellcodetest.c
arwin.exe  shellcode-compiler.sh  xxd-shellcode.sh

Revolt@WIN-PVEOMTF8PL0 /shellcode
$ ./arwin Kernel32.dll Sleep
arwin - win32 address resolution program - by steve hanna - v.01
Sleep is located at 0xcfa8bb80 in Kernel32.dll

Revolt@WIN-PVEOMTF8PL0 /shellcode  
$ nasm -f bin -o sleep.bin sleep.asm

Revolt@WIN-PVEOMTF8PL0 /shellcode
$ xxd -i sleep.bin
unsigned char sleep_bin[] = {
  0x31, 0xc0, 0xbb, 0x80, 0xbb, 0xa8, 0xcf, 0x66, 0xb8, 0x88, 0x13, 0x50,
  0xff, 0xd3
};
unsigned int sleep_bin_len = 14;

Revolt@WIN-PVEOMTF8PL0 /shellcode
$ ./xxd-shellcode.sh sleep.bin
\x31\xc0\xbb\x80\xbb\xa8\xcf\x66\xb8\x88\x13\x50\xff\xd3

Revolt@WIN-PVEOMTF8PL0 /shellcode
$ gcc -o shellcodetest shellcodetest.c

Revolt@WIN-PVEOMTF8PL0 /shellcode
$ ./shellcodetest.exe
Segmentation fault (core dumped)
2

You need to remove segment protection ( -fno-stack-protector is the parameter for gcc ). Try that, I'm not too sure, but it might work. When shellcoding you often step out the boundaries of where you are supposed to be, so you need to do such fiddling around.

3

Yeah I was able to compile them on Linux using mingw64, so that's not a problem anymore,but I am now getting a System 5 error (not high enough privileges to perform an action) when I run my exec. It runs just fine but the commands within the shellcode aren't able to. Is there any way around that?

4

If granting admin does not help, then it must be a security measure, and I have no idea how to work around it, but there has to be some way, try to find how to remove that protection.