execve

问题 I am trying to spawn a new process using execve() from unistd.h on Linux. I have tried passing it the following parameters execve("/bin/ls", "/bin/ls", NULL); but get no result. I do not get an error either, the program just exits. Is there a reason why this is happening? I have tried launching it as root and regular user. The reason I need to use execve() is because I am trying to get it to work in an assembly call like so program: db "/bin/ls",0 mov eax, 0xb mov ebx, program mov ecx,

问题 I am trying to spawn a new process using execve() from unistd.h on Linux. I have tried passing it the following parameters execve("/bin/ls", "/bin/ls", NULL); but get no result. I do not get an error either, the program just exits. Is there a reason why this is happening? I have tried launching it as root and regular user. The reason I need to use execve() is because I am trying to get it to work in an assembly call like so program: db "/bin/ls",0 mov eax, 0xb mov ebx, program mov ecx,

问题 I'm trying to write kind of exploit and have a problem with making my asm code run anywhere on the stack. Here's it: BITS 64 global _start _start: mov rax, 59 jmp short file c1: pop rdi jmp short argv c2: pop rsi mov rdx, 0 syscall ret file: call c1 db '/bin/sh',0 argv: call c2 dq arg, 0 <- problem arg: db 'sh',0 This code won't work anywhere on the stack due to selected line because this code can be executed anywhere on the stack so nasm can't correctly compute arg's address. (This is a

问题 My code: .section .data name: .string "/bin/sh" args: .string "-c" .string "ls" .section .text .globl _start _start: pushq $0 pushq name movq $59, %rax movq %rsp, %rdi pushq $0 pushq args movq %rsp, %rsi movq $0, %rdx syscall I know that the second argument of execve is array of chars. How to do this in assembly avoiding this: execve("./payload", ["./payload"], 0x7ffc291fd160 /* 40 vars */) = 0 execve("/bin/sh", [0x736c00632d], NULL) = -1 EFAULT (Bad address) --- SIGSEGV {si_signo=SIGSEGV, si

问题 First time poster. 2nd year CS student. I am exploring the creation of static variables in the .data section of the Virtual Address Space in the context of a C source->GCC compilation->Linux execution environment. C program is test.c int main() { register int i = 0; register int sum = 0; static int staticVar[10] = {1,2,3,4,5,6,7,8,9,-1}; Loop: sum = sum + staticVar[i]; //optimized away i = i+1; if(i != 10) goto Loop; return 0; } Asking GDB to ' disass /m ' reveals that there is no code for

问题 I am trying to execute the following with execve : /bin//nc -lnke /bin/bash -p 4444 When reading the man page for execve , I see the following requirements: int execve(const char *filename, char *const argv[], char *const envp[]); The issue I am running into is pushing arguments to argv ; I do not understand how you push an array (in assembly) for this to work properly. The assembly that I am currently using is below: global _start _start: xor eax, eax ; command push eax push 0x636e2f2f push

问题 I am trying to execute the following with execve : /bin//nc -lnke /bin/bash -p 4444 When reading the man page for execve , I see the following requirements: int execve(const char *filename, char *const argv[], char *const envp[]); The issue I am running into is pushing arguments to argv ; I do not understand how you push an array (in assembly) for this to work properly. The assembly that I am currently using is below: global _start _start: xor eax, eax ; command push eax push 0x636e2f2f push

问题 I have the following example program: #include <stdio.h> int main(int argc, char ** argv){ char buf[100]; printf("Please enter your name: "); fflush(stdout); gets(buf); printf("Hello \"%s\"\n", buf); execve("/bin/sh", 0, 0); } I and when I run without any pipe it works as it should and returns a sh promt: bash$ ./a.out Please enter your name: warning: this program uses gets() which is unsafe. testName Hello "testName" $ exit bash$ But this does not work in a pipe, i think I know why that is,

问题 I am trying to study execve shellcode, OS : Linux bt 2.6.39.4 root@bt:~/exploit# cat gshell.s .globl _start _start: nop jmp MyString shell: popl %esi xorl %eax,%eax movl %al,9(%esi) movl %esi,10(%esi) movl %eax,14(%esi) movb $11,%al movl %esi, %ebx leal 0xa(%esi),%ecx leal 0xe(%esi),%edx int $0x80 movl $1,%eax movl $0,%ebx int $0x80 MyString: call shell shellvar: .ascii "/bin/bashADDDDCCCC" root@bt:~/exploit# as -gstabs -o gshell.o gshell.s root@bt:~/exploit# ld -o gshell gshell.o root@bt:~

问题 I am trying to write shellcode in assembly. I need to perform a /usr/bin/killall command AND a /usr/bin/wget command. I have both commands running perfectly in shellcode with the execve() syscall. But now I want to combine these 2, but this is not possible because the program exits when the first execve() call is executed. (from the man pages of execve() : execve() does not return on success). How can I perform 2 execve() calls? Or is there another way to call both /usr/bin/killall and /usr