A shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability.
0
votes
2 answers
24 views
execle() also specifies the environment. What does that mean?
I am reading a book called "Hacking: The art of exploitation" and I came across this paragraph:
With execl(), the existing environment is used, but if you use execle(),
the entire environment ...
2
votes
1 answer
43 views
How can I check the commands the given shellcode executes?
Let's say I'm given the following shellcode:
char shellcode[]=
"\x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80\x6a\x0b\x58\x51\x68"
"\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x89\xe2\x53\x89"
...
0
votes
2 answers
25 views
Can't link object file using ld - Mac OS X
/*********
exit.asm
*/
[SECTION .text]
global _start
_start:
xor eax, eax
xor ebx, ebx
mov al, 1
int 0x80
//****************************
First I used nasm -f elf exit.asm to generate the object ...
0
votes
1 answer
37 views
buffer overflow exploit example from “Hacking: The Art of Exploitation”
I've found a few related posts about this on the site but none of them explained my problem.
The code is described here:
Link
My issue is the following:
The author tries to rewrite the return address ...
0
votes
1 answer
61 views
a shellcode to get the shell, but segment default happened
Let me just show you my code first.
char shellcode[] =
"\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x46"
"\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1"
...
3
votes
1 answer
99 views
Re-writing a small execve shellcode
Going through http://hackoftheday.securitytube.net/2013/04/demystifying-execve-shellcode-stack.html
I understood the nasm program which invokes execve and was trying to re-write it.
Some background ...
2
votes
2 answers
81 views
Shellcode in C program
The link http://hackoftheday.securitytube.net/2013/04/demystifying-execve-shellcode-stack.html
highlights a way to write an execve shellcode.
#include<stdio.h>
#include<string.h>
...
0
votes
1 answer
65 views
Stack memory addresses in Shellcode
I was reading a basic article on writing a shellcode (execve using stack method) here: http://hackoftheday.securitytube.net/2013/04/demystifying-execve-shellcode-stack.html
In step 6: It pushes a ...
0
votes
2 answers
50 views
Null bytes in shellcode
Going through the shellcode article on Wikipedia, it gives an example as follows:
B8 01000000 MOV EAX,1 // Set the register EAX to 0x000000001
To make the above instruction null free, ...
1
vote
1 answer
43 views
Segmentation fault on mcrypt (probably something to do with the buffer) [closed]
I'm trying to build my own crypter in C using AES to encrypt the shellcode. Now I've already made a PoC of the crypter in one program which can be found below:
#include <stdio.h>
#include ...
1
vote
3 answers
241 views
Using buffer overflow to execute shell code
I've been learning computer security lately and come across a couple of problems, and I'm having some trouble with this one in particular.
I'm given a function with a fixed buffer I need to overflow in ...
0
votes
1 answer
93 views
pass arguments to execve program in shellcode
I'm having a go at learning assembly and writing shellcode. I have a question about execve and passing arguments to the program it will execute.
I have working code to execute a bash shell but am ...
0
votes
2 answers
113 views
Program behaves different in GDB?
I have this code from smashthestack:
//bla, based on work by nnp
#include <stdio.h>
#include <string.h>
void prompt_name(char *name, char *msg){
char buf[4096];
int i = ...
1
vote
3 answers
106 views
Shellcode: perform 2 execve() calls
I am trying to write shellcode in assembly. I need to perform a /usr/bin/killall command AND a /usr/bin/wget command. I have both commands running perfectly in shellcode with the execve() syscall. But ...
3
votes
1 answer
152 views
Linux Shellcode “Hello, World!”
I have the following working NASM code:
global _start
section .text
_start:
mov eax, 0x4
mov ebx, 0x1
mov ecx, message
mov edx, 0xF
int 0x80
mov eax, 0x1
mov ebx, 0x0
...