Assignment-5 #2
2 changed files with 7 additions and 5 deletions
|
|
@ -16,6 +16,8 @@ _start:
|
||||||
push 0x68736164 ; push the ASCII values for 'dash' onto the stack in reverse order (due to little endian)
|
push 0x68736164 ; push the ASCII values for 'dash' onto the stack in reverse order (due to little endian)
|
||||||
push 0x2f2f2f2f ; push the ASCII values for '////' onto the stack in reverse order "
|
push 0x2f2f2f2f ; push the ASCII values for '////' onto the stack in reverse order "
|
||||||
push 0x6e69622f ; push the ASCII values for '/bin' onto the stack in reverse order "
|
push 0x6e69622f ; push the ASCII values for '/bin' onto the stack in reverse order "
|
||||||
|
; only multiples of wordsize (here 4 byte) can be pushed onto stack
|
||||||
|
; therefore four / in the second push
|
||||||
mov ebx, esp ; set ebx to the address of the '/bin////dash' string (top of the stack)
|
mov ebx, esp ; set ebx to the address of the '/bin////dash' string (top of the stack)
|
||||||
mov ecx, eax ; set ecx to NULL (=> char *const _Nullable argv[] is NULL)
|
mov ecx, eax ; set ecx to NULL (=> char *const _Nullable argv[] is NULL)
|
||||||
mov edx, eax ; set edx to NULL (=> char *const _Nullable envp[] is NULL)
|
mov edx, eax ; set edx to NULL (=> char *const _Nullable envp[] is NULL)
|
||||||
|
|
|
||||||
|
|
@ -4,7 +4,7 @@
|
||||||
// gcc -o test_shellcode -m32 -fno-stack-protector -fno-pie -z execstack -O0 test_shellcode.c
|
// gcc -o test_shellcode -m32 -fno-stack-protector -fno-pie -z execstack -O0 test_shellcode.c
|
||||||
|
|
||||||
// Your shellcode goes here
|
// Your shellcode goes here
|
||||||
char *shellcode = "\x90\x90\x90...";
|
char *shellcode = "\x31\xc0\x50\x68\x64\x61\x73\x68\x68\x2f\x2f\x2f\x2f\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80";
|
||||||
// ------------------------
|
// ------------------------
|
||||||
|
|
||||||
int main()
|
int main()
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue