shellcode

问题 I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w kernel.randomize_va_space=0 and nx bit in the bios). It jumps to the stack and executes the shellcode, but it doesn't start a shell. The execve syscall succeeds but afterwards it just terminates. Any idea what's wrong? Running the shellcode standalone works just fine. Bonus question: Why do I need to

问题 For my Question when I tried to create a example of NASM under ubuntu 64-bit version and execute it after assembled and linked into ELF. It return error messages as below when I execute NASM -f elf64 -o firstasm.o firstasm.asm ld -o firstasm firstasm.o firstasm Segmentation fault (core dumped) My NASM code would be below where I tried to perform simple write() and exit() function section .data ;Data segment msg db "This line is test", 0x0a section .text ;text segment global _start ;Default

问题 .global main main: call func .string "/bin/sh" func: push %rsp pop %rsi pop %rdi mov $0x00, %edx mov $0x3b, %eax syscall I wrote assembly lagunage like above for execute /bin/sh I compiled it but when I try to execute program, /bin/sh: 0: Can't open ???? this error is occur. It doesn't execute /bin/sh. I want to know why I can't execute /bin/sh I'm using Ubuntu 16.04 and x64 Architectures 回答1: Your code is needlessly hard to follow because of using push/pop in a weird way, but running your

问题 I am trying to spawn a shell with some shellcode. The payload is in the program itself, however, when I run then program individually I get a segmentation fault, but when running in gdb, my shell opens. Can someone point out what the problem might be? MrMox@ubuntu:~/folder$ ./a.out h h Segmentation fault (core dumped) MrMox@ubuntu:~/folder$ gdb -q a.out Reading symbols from /home/folder/a.out...done. (gdb) run h h Starting program: /home/folder/a.out h h process 22119 is executing new program

问题 I would like to test a buffer-overflow by writing "Hello World" to console (using Windows XP 32-Bit). The shellcode needs to be null-free in order to be passed by "scanf" into the program I want to overflow. I've found plenty of assembly-tutorials for Linux, however none for Windows. Could someone please step me through this using NASM? Thxxx! 回答1: Assembly opcodes are the same, so the regular tricks to produce null-free shellcodes still apply, but the way to make system calls is different.

问题 I'm trying to write a decoder stub and I'm running into a restriction on 0xFF as a bad character. I'm using the jmp-call-pop method to get the address of my encoded shellcode into a register. Here's the relevant snippet: 401012: e8 eb ff ff ff call 0x401002 It seems like call will always use 0xFF in its bytes. Is there another instruction that, when executed, will push rip onto the stack and jump to another section of code? I've tried just pushing the address onto the stack manually, but that

问题 I have doing an exercise about a buffer overload on a C program, the goal of this problem is to get the root shell once I have inserted a shellcode into the program. This is what I have until now: STEP 1.- Firstable let´s see my C code in the file called file.c : root@kali:~# cat ./file.c #include <stdio.h> #include <string.h> void premio() { printf("I have altered the programs flow\n"); } int main(int argc, char *argv[]) { char buffer[100]; if (argc != 2) { printf("Use: %s argument\n",argv[0

问题 For a task I need to create simple shellcode, but it is not allowed that it contains \x80. Notice: To make a system call on linux, like write or exit, you need among others this line: int 0x80 , which in the end will produce shellcode including \x80. Nevertheless I need to make system calls, so my idea now is to use a variable for the interrupt vector number. For example 0x40 and then multiply it with 2, so in the end there will be a \x40 but not a \x80 in the shellcode. The problem is that

问题 I've tried to run a lot of shell-codes via C program to test them. Here it is #include<stdio.h> #include<string.h> unsigned char code[] = "shell here"; main() { printf("Shellcode Length: %d\n", strlen(code)); int (*ret)() = (int(*)())code; ret(); } And here's example of shellcode "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb"\ "\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89"\ "\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd"\ "\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f"\ "\x73\x68\x58\x41\x41

问题 I am writing shellcode exploits with python3. However, when I try and output some hex bytes. e.g. using the line - python3 -c 'print("\x8c")' | xxd The value in xxd is c28c , rather than the expected 8c This issue does not occur in python2. 回答1: Your issue arises because Python 3 handles strings as Unicode, and print expects Unicode to encode some output for your terminal. Try the following to bypass this: python3 -c "import sys; sys.stdout.buffer.write(b'\x8c')" | xxd 来源： https:/