exit_shellcode



























$ cat exit_shellcode.asm

;-----------------------------------------------------------------------
; exit_shellcode.asm — NASM (Intel syntax), 32-bit Linux (built with
; -f elf / -m elf_i386 below).
; Equivalent C: _exit(0)
; Uses the legacy int 0x80 syscall interface: eax = syscall number
; (1 = exit on i386 Linux), ebx = first argument (exit status).
; Does not return: the kernel terminates the process inside the syscall.
; Note: both 32-bit immediates encode with 0x00 bytes (see the objdump
; listing below), which is what the null-free variant further down
; removes.
;-----------------------------------------------------------------------
Section         .text
global _start

_start:
mov ebx,0       ; ebx = exit status = 0 (encodes as bb 00 00 00 00)
mov eax,1       ; eax = __NR_exit (1) on i386 Linux (b8 01 00 00 00)
int 0x80        ; enter the kernel; the process ends here

nasm -f elf exit_shellcode.asm
ld -m elf_i386 -o exit_shellcode exit_shellcode.o


objdump -d exit_shellcode

exit_shellcode:     file format elf32-i386


Disassembly of section .text:

08048060 <_start>:
8048060: bb 00 00 00 00       mov    $0x0,%ebx
8048065: b8 01 00 00 00       mov    $0x1,%eax
804806a: cd 80                 int    $0x80

Per togliere i byte nulli (00), si usa l'istruzione xor ebx,ebx per la prima istruzione, e il registro al per la seconda.

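; Null-free replacement for the two mov instructions above (NASM, i386);
; the int 0x80 that follows is unchanged.
; xor reg,reg zeroes the register without any 0x00 byte in its encoding.
xor ebx,ebx     ; ebx = 0 (exit status), no null bytes
xor eax,eax     ; clear eax first: writing al only changes bits 0..7 and
                ; leaves bits 8..31 as they were, so the syscall number
                ; would be wrong if eax was not already zero
mov al,1        ; eax = 1 = __NR_exit; one-byte immediate, no null bytes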

$ cat wack.c

/* Raw bytes of the exit_shellcode listing above (i386, int 0x80 exit(0)),
 * one instruction per string piece; the array is 13 bytes including the
 * terminating NUL the compiler appends. */
char shellcode[] = "\xBB\x00\x00\x00\x00"   /* mov ebx, 0  */
                   "\xB8\x01\x00\x00\x00"   /* mov eax, 1  */
                   "\xCD\x80";              /* int 0x80    */
/* Test harness: makes main's own `ret` instruction jump into shellcode[].
 * Built as 32-bit (-m32) without a stack protector and with an executable
 * data/stack segment (-z execstack), see the gcc line below. */
int main()
{
int *ret;                       /* local whose stack slot anchors the arithmetic below */
/* Assumes main's saved return address sits exactly two int slots above
 * `ret` on the 32-bit stack. This is layout-dependent (compiler, options,
 * protector) and undefined behaviour in C — it only "works" when the frame
 * is laid out this way; confirm with a debugger if it does not. */
ret = (int *)&ret +2;
/* Overwrite that slot with the address of shellcode[]; when main returns,
 * execution continues in the shellcode, which calls exit(0), so nothing
 * after the return runs. main has no explicit return statement. */
(*ret) = (int)shellcode;
}

gcc -m32 -fno-stack-protector -z execstack -o wack wack.c 
strace ./wack







