Created
March 17, 2019 20:20
-
-
Save alanvivona/2ef7168e9c2f95af38a9375e98fe707d to your computer and use it in GitHub Desktop.
A simple execve shellcode example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ; EXECVE | |
| ; RDX = 0x00 | |
| ; RSI = 0x00 | |
| ; RDI = address of '//bin/sh', 0x00 (the extra slash is just for rounding to 8 bytes) | |
| section .text | |
| global _start | |
| _start: | |
| xor rdx, rdx ; rdx = 0x00 | |
| mov rsi, rdx ; rdi = 0x00 | |
| push rdx ; places the final null byte for the '//bin/sh' string | |
| ; echo -n "//bin/sh" | rev | xxd ==> 6873 2f6e 6962 2f2f | |
| ; can't push an immediate 64bit value, must go through a reg | |
| mov rax, 0x68732f6e69622f2f | |
| push rax | |
| mov rdi, rsp ; load string address into rdi | |
| xor rax, rax | |
| add rax, 0x3b ; syscall number | |
| syscall |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment