Metasploit mailing list archives
Re: Mac 64-bit Shellcode
From: Pete Smith <seclists () decapitate us>
Date: Wed, 1 Jun 2011 19:52:33 +1000
Ty,

If you still want to use objdump then you'll need to install a cross-compiled version of objdump which will run on your x86 but understands macho64. Previously I've installed the ELDK (http://www.denx.de/wiki/DULG/ELDK) which is a full suite to cross compile applications which may actually be overkill for what you want.

Perhaps take a look at radare (http://radare.nopcode.org/y/) which is a cross platform reverse engineering and dis-assembly tool.

Pete

On 1 June 2011 18:08, Ty Miller <tyronmiller () gmail com> wrote:
> Hey all,
>
> Thanks for the responses. Does metasm support macho64? Otherwise I think I'll play with nasm/xxd a bit more, then probably stick to developing macho64 payloads directly on mac.
>
> Thx,
> Ty
>
> On Wed, Jun 1, 2011 at 10:40 AM, HD Moore <hdm () metasploit com> wrote:
>> On 5/31/2011 5:11 PM, Ty Miller wrote:
>>> Hey guys,
>>>
>>> I am currently putting together some Mac 64-bit shellcode but am having troubles extracting the shellcode on Linux. I can do it fine on Mac using nasm and otool, which produces the expected small shellcode, but I want to specifically do it from Linux as a central development location. I'm developing on BT5.
>>>
>>> I can compile it as macho64 using nasm. objdump doesn't recognise the macho64 format. I also used xxd and can see the small amount of shellcode in amongst heaps of other junk, but I can't see an easy way to automatically strip the shellcode from the xxd output.
>>
>> You might try building a generic macho binary that reads a file and executes in RWX memory, then just use nasm -f bin to build raw shellcode blobs and send those to your target darwin box, along with your load application.
>>
>> -HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Mac 64-bit Shellcode Ty Miller (May 31)
- Re: Mac 64-bit Shellcode Canberk BOLAT (May 31)
- Re: Mac 64-bit Shellcode Carlos Perez (May 31)
- Re: Mac 64-bit Shellcode HD Moore (May 31)
- Re: Mac 64-bit Shellcode Ty Miller (Jun 01)
- Re: Mac 64-bit Shellcode Pete Smith (Jun 01)
- Re: Mac 64-bit Shellcode Ty Miller (Jun 02)
- Re: Mac 64-bit Shellcode Ty Miller (Jun 01)