Linux/x86_64 bash shellcode with xor encoding Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-04-05 |
Type : shellcode |
Platform : linux_x86-64
This exploit / vulnerability Linux/x86_64 bash shellcode with xor encoding is for educational purposes only and if it is used you will do on your own risk!
; exit with status code 0
xor eax, eax
mov ebx, eax
mov al, 60
syscall
-----------
#### Explanation:
This code uses XOR encryption to obscure the name of the program being executed, `"bash"`. The XOR encryption key is `0x08162432`, which is applied to each byte of the string. The decryption is performed just before calling `execve`, so the program name is passed in its original form.
The rest of the code is the same as the previous example, making a system call to the `execve` function and then calling the `exit` syscall to terminate the process.
---------
### Compilation AND Execution:
To run the x86_64 assembly code on a Linux system, you need to assemble it into an executable file and then run the file. Here are the steps:
1. Save the code to a file with a `.asm` extension, for example `bash.asm`.
2. Assemble the code into an object file using an assembler, such as NASM:
`nasm -f elf64 -o bash.o bash.asm`
The `-f elf64` option specifies that the output format should be ELF64 (Executable and Linkable Format), and the `-o` option specifies the name of the output file, `bash.o`.
3. Link the object file to produce an executable file using the `ld` linker:
`ld -s -o bash bash.o`
The `-s` option removes the symbol table from the output file to make it smaller, and the `-o` option specifies the name of the output file, `bash`.