GNU/Linux x86_64 Hello World Shellcode
/*
 * Shellcode executer (test harness for the byte string below).
 * Build: gcc -fno-stack-protector -z execstack shell.c -o shell
 *
 * Both flags remove exploit mitigations from the resulting binary:
 * -fno-stack-protector drops the stack canary and -z execstack requests
 * an executable stack.
 */

/*
 * Assembled form of the "shellcode optimized" NASM listing: 51 code/data
 * bytes plus the terminating NUL the string literal appends.
 * NOTE(review): the `mov dil, 0` encoding (40 b7 00) puts a zero byte in
 * the middle of the routine; it is kept intact here only because the bytes
 * are stored as an array initializer rather than copied as a C string.
 */
char shellcode[] =
    "\xeb\x20"                  /* jmp short -> call at the end          */
    "\x48\x31\xc0"              /* xor rax, rax                          */
    "\x48\x31\xff"              /* xor rdi, rdi                          */
    "\x48\x31\xf6"              /* xor rsi, rsi                          */
    "\x48\x31\xd2"              /* xor rdx, rdx                          */
    "\xb0\x01"                  /* mov al, 1      ; write                */
    "\x40\xb7\x01"              /* mov dil, 1     ; fd = stdout          */
    "\x5e"                      /* pop rsi        ; address of the text  */
    "\xb2\x0c"                  /* mov dl, 12     ; byte count           */
    "\x0f\x05"                  /* syscall                               */
    "\x48\x31\xc0"              /* xor rax, rax                          */
    "\xb0\x3c"                  /* mov al, 60     ; exit                 */
    "\x40\xb7\x00"              /* mov dil, 0     ; status 0 (NUL byte)  */
    "\x0f\x05"                  /* syscall                               */
    "\xe8\xdb\xff\xff\xff"      /* call back to the xor rax, rax above   */
    "\x48\x65\x6c\x6c\x6f\x20"  /* "Hello "                              */
    "\x57\x6f\x72\x6c\x64\x21"; /* "World!"                              */
/*
 * Entry point: reinterprets the `shellcode` byte array as a function taking
 * no arguments and calls it. argc/argv are unused.
 *
 * Converting an object pointer to a function pointer is not defined by
 * ISO C; it works here only as a compiler/platform extension.
 * NOTE(review): `shellcode` is an initialized writable array, so the call
 * only succeeds if that memory is mapped executable. Whether -z execstack
 * achieves that depends on the kernel (recent x86-64 Linux reportedly
 * limits it to the stack itself); otherwise the call faults. Confirm on the
 * target system.
 */
int main(int argc, char **argv)
{
    int (*entry)(void) = (int (*)(void))shellcode;

    (void)argc;
    (void)argv;

    /* The routine ends in an exit syscall, so control is not expected back. */
    (void)entry();
    return 0;
}
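; Hello World, GNU/Linux x86_64 (NASM, Intel syntax, raw Linux syscall ABI)
; Build:
;   nasm -f elf64 -o hello_world.o hello_world.s
;   ld -o hello_world hello_world.o

default rel                             ; address static data RIP-relative

SYS_WRITE       equ 1                   ; write(unsigned int fd, const char *buf, size_t count)
SYS_EXIT        equ 60                  ; exit(int status)
STDOUT_FILENO   equ 1                   ; 0 = stdin, 1 = stdout, 2 = stderr
EXIT_SUCCESS    equ 0

section .rodata
msg:            db      "Hello World!"
MSG_LEN         equ     $ - msg         ; computed, so it cannot drift from the text

section .text
global _start

;-----------------------------------------------------------------------
; _start: process entry point; writes msg to stdout, then exits with 0.
; ABI:   Linux x86_64 syscall (rax = nr, args in rdi, rsi, rdx)
; Clobb: rax, rdi, rsi, rdx, rcx, r11 (the last two by `syscall`)
; Does not return.
;-----------------------------------------------------------------------
_start:
        mov     eax, SYS_WRITE          ; 32-bit write zero-extends into rax
        mov     edi, STDOUT_FILENO
        lea     rsi, [msg]              ; buf = &msg (RIP-relative, PIE-safe)
        mov     edx, MSG_LEN            ; count = length of msg
        syscall

        mov     eax, SYS_EXIT
        mov     edi, EXIT_SUCCESS       ; status 0: program exited successfully
        syscall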
; Same program, written as position-independent shellcode (NASM, Intel syntax).
; Layout is jmp / call / pop: the text sits right after the `call`, so the
; return address that `call` pushes is the address of the text.
;
; The instruction forms below are kept exactly as authored because their
; encoding is what the byte string in the C harness contains.
; NOTE(review): `mov dil, 0` assembles to 40 b7 00, so the encoded routine
; is not free of zero bytes.
section .text
global _start

_start:
        jmp     short get_text_addr     ; skip forward to the call

print_and_exit:
        xor     rax,rax                 ; rax = 0
        xor     rdi, rdi                ; rdi = 0
        xor     rsi, rsi                ; rsi = 0 (overwritten by the pop below)
        xor     rdx, rdx                ; rdx = 0
        mov     al, 1                   ; syscall nr 1: write(fd, buf, count)
        mov     dil, 1                  ; fd = 1 (stdout)
        pop     rsi                     ; buf = return address = start of the text
        mov     dl, 12                  ; count = 12 bytes ("Hello World!")
        syscall

        xor     rax, rax                ; clear the write() return value
        mov     al, 60                  ; syscall nr 60: exit(status)
        mov     dil, 0                  ; status = 0; this immediate is the zero byte
        syscall

get_text_addr:
        call    print_and_exit          ; pushes the address of the bytes below
        db      "Hello World!"
This shellcode is flawed in some ways, seeing how there is a 0 byte in the end result. You should just xor instead.