Linux shellcode sample
HelloWorld.nasm
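;HelloWorld.asm
;Author: Kul Subedi
; Writes `message` to stdout with the i386 write(2) syscall, then exits
; with status 0.
; ABI:   Linux i386 syscalls via int 0x80 (eax = nr; ebx, ecx, edx = args)
; Build: nasm -f elf32, linked non-PIE, so the absolute address used by
;        `mov ecx, message` is valid at run time.
SYS_EXIT  equ 1
SYS_WRITE equ 4
STDOUT    equ 1
global _start
section .text
_start:
; write(STDOUT, message, mlen)
        mov eax, SYS_WRITE
        mov ebx, STDOUT
        mov ecx, message                ; absolute address of the string (non-PIE elf32)
        mov edx, mlen                   ; length computed by the assembler, not hard-coded
        int 0x80
; exit(0): status 0 so the shell sees a successful run (was 5)
        mov eax, SYS_EXIT
        xor ebx, ebx
        int 0x80
section .data
message: db "Welcome to Assembly!"
mlen equ $-message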
abc.nasm
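;hello.asm
; Minimal position-independent 32-bit Linux program: writes the 4-byte
; string 'milu' to stdout and exits with status 0.
; ABI:   Linux i386 syscalls via int 0x80 (eax = nr; ebx, ecx, edx = args)
; The string's address is obtained with the jmp/call/pop pattern, so the
; code contains no absolute addresses and runs wherever it is loaded.
; Register roles: eax = syscall nr, ebx = fd, ecx = buf, edx = len.
SYS_WRITE equ 4
SYS_EXIT  equ 1
STDOUT    equ 1
[SECTION .text]
global _start
_start:
        jmp short call_shellcode        ; the call below pushes the string's address
shellcode:
        xor eax, eax                    ; clear the full registers first, then set
        xor ebx, ebx                    ;   only the low byte with short imm8 moves
        xor edx, edx
        mov al, SYS_WRITE
        mov bl, STDOUT
        pop ecx                         ; ecx = return address pushed by `call` = msg
        mov dl, MSG_LEN                 ; exactly the string's length (was 5: one byte past 'milu')
        int 0x80
        xor eax, eax                    ; eax holds write's return value; clear before exit nr
        mov al, SYS_EXIT
        xor ebx, ebx                    ; exit status 0
        int 0x80
call_shellcode:
        call shellcode                  ; pushes the address of the bytes that follow (msg)
msg:    db 'milu'
MSG_LEN equ $ - msg                     ; 4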
compile.sh
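#!/usr/bin/env bash
# Assemble NAME.nasm into NAME.o (32-bit ELF) and link it into ./NAME.
# Usage: ./compile.sh NAME   (without the .nasm extension)
set -euo pipefail                       # stop at the first failing step

if [ $# -ne 1 ]; then
    echo "usage: $0 NAME" >&2
    exit 1
fi
name=$1

echo '[+] Assembling with Nasm .. '
nasm -f elf32 -o "$name.o" "$name.nasm"
echo '[+] Linking ... '
# -m elf_i386: the object is 32-bit; on a 64-bit host ld defaults to x86-64
ld -m elf_i386 -o "$name" "$name.o"
echo '[+] Done!'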
shel.sh
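#!/usr/bin/env bash
# Print the machine-code bytes of the given ELF binary, as listed by
# objdump, as one C string literal of "\xNN" escapes (the form shellcode.c
# expects in its code[] array).
# Usage: ./shel.sh BINARY
set -euo pipefail

if [ $# -ne 1 ]; then
    echo "usage: $0 BINARY" >&2
    exit 1
fi

# Pipeline, step by step:
#   keep only "addr: bytes  mnemonic" lines, drop the file header,
#   take the part after the colon, keep at most the first 6 space-separated
#   fields (instructions longer than that would be truncated — keep in mind),
#   normalise tabs/spaces, strip the trailing space, turn every remaining
#   space into a literal backslash-x, join the lines and wrap in quotes.
# Note: the replacement must be '\\x' (escaped backslash); a bare '\x' is
# interpreted by sed and yields a plain "x", producing "xebx19..." instead
# of "\xeb\x19...".
objdump -d "$1" \
    | grep '[0-9a-f]:' \
    | grep -v 'file' \
    | cut -d: -f2 \
    | cut -d' ' -f1-6 \
    | tr -s ' ' \
    | tr '\t' ' ' \
    | sed 's/ $//g' \
    | sed 's/ /\\x/g' \
    | paste -d '' -s \
    | sed 's/^/"/' \
    | sed 's/$/"/g'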
abctxt.txt
"xebx19x31xc0x31xdbx31xd2x31xc9xb0x04xb3x01x59xb2x05xcdx80x31xc0xb0x01x31xdbxcdx80xe8xe2xffxffxffx6dx69x6cx75"
shellcode.c
#include <stdio.h>
#include <string.h>
/* Bytes to execute. NOTE(review): as written this literal is the ASCII
 * text "xebx19..." (no backslashes), not the bytes 0xEB 0x19 ...; the
 * extraction script must emit "\xNN" escapes for this to be machine code.
 * An embedded 0x00 byte would also end strlen() and the string early. */
unsigned char code[] ="xebx19x31xc0x31xdbx31xd2x31xc9xb0x04xb3x01x59xb2x05xcdx80x31xc0xb0x01x31xdbxcdx80xe8xe2xffxffxffx6dx69x6cx75";
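/*
 * Test harness: prints the length of `code` and then jumps into it.
 * strlen() stops at the first NUL, so an embedded 0x00 byte would both
 * shorten the reported length and end the executed bytes early.
 * Jumping into a data array only works when that memory is mapped
 * executable; gcc_compile.sh relies on -z execstack for that (whether
 * .data becomes executable as a side effect depends on the kernel and
 * architecture — verify on the target system).
 * Returns 0 if the code ever returns; the samples here call exit(2).
 */
int main(void)
{
    /* %zu: strlen() returns size_t; printing it with %d is undefined */
    printf("Shellcode Length: %zu\n", strlen((const char *)code));

    /* Reinterpret the array's address as a function and call it.
     * Converting a data pointer to a function pointer is not portable C,
     * but it is the conventional way to run position-independent bytes. */
    int (*ret)(void) = (int (*)(void))code;
    ret();
    return 0;
}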
gcc_compile.sh
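#!/usr/bin/env bash
# Build the shellcode test harness NAME.c into ./NAME.
# -fno-stack-protector and -z execstack are test-only flags that let the
# harness jump into its byte array; they are not for ordinary builds.
# The samples here are 32-bit (int 0x80, nasm -f elf32); on a host that
# compiles 64-bit by default, add -m32 (needs gcc multilib) so the harness
# matches the code it runs — TODO confirm for your toolchain.
# Usage: ./gcc_compile.sh NAME   (without the .c extension)
set -euo pipefail

if [ $# -ne 1 ]; then
    echo "usage: $0 NAME" >&2
    exit 1
fi
name=$1

echo '[+] Compiling....'
gcc -fno-stack-protector -z execstack "$name.c" -o "$name"
echo '[+] Done...'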
============== End