Assignment-5 #2

Merged
saschato merged 18 commits from Assignment-5 into master 2024-06-10 14:32:32 +02:00
2 changed files with 7 additions and 5 deletions
Showing only changes of commit 63d0a88ba8 - Show all commits


@ -7,8 +7,8 @@ section .text
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; https://rayoflightz.github.io/shellcoding/linux/x86/2018/11/15/Shellcoding-for-linux-on-x86.html ; ; https://rayoflightz.github.io/shellcoding/linux/x86/2018/11/15/Shellcoding-for-linux-on-x86.html ;
; https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md#x86-32_bit ; ; https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md#x86-32_bit ;
; https://man7.org/linux/man-pages/man2/execve.2.html ; ; https://man7.org/linux/man-pages/man2/execve.2.html ;
; https://www.ascii-code.com/ ; ; https://www.ascii-code.com/ ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
_start: _start:
xor eax, eax ; set eax to NULL without terminating the shellcode later xor eax, eax ; set eax to NULL without terminating the shellcode later
@ -16,6 +16,8 @@ _start:
push 0x68736164 ; push the ASCII values for 'dash' onto the stack in reverse order (due to little endian) push 0x68736164 ; push the ASCII values for 'dash' onto the stack in reverse order (due to little endian)
push 0x2f2f2f2f ; push the ASCII values for '////' onto the stack in reverse order " push 0x2f2f2f2f ; push the ASCII values for '////' onto the stack in reverse order "
push 0x6e69622f ; push the ASCII values for '/bin' onto the stack in reverse order " push 0x6e69622f ; push the ASCII values for '/bin' onto the stack in reverse order "
; only multiples of wordsize (here 4 byte) can be pushed onto stack
; therefore four / in the second push
mov ebx, esp ; set ebx to the address of the '/bin////dash' string (top of the stack) mov ebx, esp ; set ebx to the address of the '/bin////dash' string (top of the stack)
mov ecx, eax ; set ecx to NULL (=> char *const _Nullable argv[] is NULL) mov ecx, eax ; set ecx to NULL (=> char *const _Nullable argv[] is NULL)
mov edx, eax ; set edx to NULL (=> char *const _Nullable envp[] is NULL) mov edx, eax ; set edx to NULL (=> char *const _Nullable envp[] is NULL)
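Review bot: The comment added after the third push says only multiples of the word size can be pushed, which is not accurate for 32-bit x86, since `push` also has a 16-bit form and a sign-extended 8-bit immediate form. The four slashes are presumably there so that each `push imm32` is completely filled by path characters, and repeated '/' resolve like a single '/'. I would reword the comment and move it next to the `push 0x2f2f2f2f` line it explains, for example `; '////' pads the path to a multiple of 4 bytes so each push imm32 is fully filled; repeated '/' act as one`. It may also be worth noting beside `mov ecx, eax` that the execve(2) page linked in the header describes a NULL argv as Linux-specific and non-portable. The rest of _start lies outside this hunk.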


@ -4,7 +4,7 @@
// gcc -o test_shellcode -m32 -fno-stack-protector -fno-pie -z execstack -O0 test_shellcode.c // gcc -o test_shellcode -m32 -fno-stack-protector -fno-pie -z execstack -O0 test_shellcode.c
// Your shellcode goes here // Your shellcode goes here
char *shellcode = "\x90\x90\x90..."; char *shellcode = "\x31\xc0\x50\x68\x64\x61\x73\x68\x68\x2f\x2f\x2f\x2f\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80";
// ------------------------ // ------------------------
int main() int main()