Skip to content

Instantly share code, notes, and snippets.

@xenomuta
Last active January 4, 2024 13:53
Show Gist options
  • Save xenomuta/4450368 to your computer and use it in GitHub Desktop.
Save xenomuta/4450368 to your computer and use it in GitHub Desktop.
httpd.asm: Arguably the world smallest web server. ( for GNU/Linux i386. Compile with nasm )
section .text
global _start
_start:
xor eax, eax
xor ebx, ebx
xor esi, esi
jmp _socket
_socket_call:
mov al, 0x66
inc byte bl
mov ecx, esp
int 0x80
jmp esi
_socket:
push byte 6
push byte 1
push byte 2
mov esi, _bind
jmp _socket_call
_bind:
mov edi, eax
xor edx, edx
push dword edx
push word 0x6022
push word bx
mov ecx, esp
push byte 0x10
push ecx
push edi
mov esi, _listen
jmp _socket_call
_listen:
inc bl
push byte 0x01
push edi
mov esi, _accept
jmp _socket_call
_accept:
push edx
push edx
push edi
mov esi, _fork
jmp _socket_call
_fork:
mov esi, eax
mov al, 0x02
int 0x80
test eax, eax
jz _write
xor eax, eax
xor ebx, ebx
mov bl, 0x02
jmp _listen
_write:
mov ebx, esi
push edx
push dword 0x0a0d3e31
push dword 0x682f3c21
push dword 0x64334e77
push dword 0x503e3168
push dword 0x3c0a0d0a
push dword 0x0d6c6d74
push dword 0x682f7478
push dword 0x6574203a
push dword 0x65707954
push dword 0x2d746e65
push dword 0x746e6f43
push dword 0x0a4b4f20
push dword 0x30303220
push dword 0x302e312f
push dword 0x50545448
mov al, 0x04
mov ecx, esp
mov dl, 64
int 0x80
_close:
mov al, 6
mov ebx, esi
int 0x80
mov al, 6
mov ebx, edi
int 0x80
_exit:
mov eax, 0x01
xor ebx, ebx
int 0x80
@xenomuta
Copy link
Author

nash-f is an even smaller HTTP server, coming down to 194B without content (or 229 bytes with the obligatory <h1>Hello!</h1>)

No it's not:

@xenomuta
Copy link
Author

xenomuta commented May 20, 2021

Also, the purpose of the original httpd.asm was to avoid null bytes.
nash-f's server code is full of 00s, which then trims strings and kills exploitability of some vulnerable string functions.

@Potherca
Copy link

@xenomuta My apologies. I'm still somewhat new to all of this. I've edited my comment.

Also, thank you for the clarifications, very educational!

@xenomuta
Copy link
Author

@xenomuta My apologies. I'm still somewhat new to all of this. I've edited my comment.

Also, thank you for the clarifications, very educational!

Oh that's ok, no need to apologize. You're welcome.
Keep the good stuff going.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment