shellcode Questions

2

Solved

I am trying to convert an assembly program I wrote into NULL-free shellcode. However, I am unsure how to go about this for certain instructions. Some of them (in Intel syntax) include: push 0x1000 ...
Leucoplast asked 28/7, 2011 at 3:57

4

I wrote a simple ASM file and ran it in a C file I'd written. I got a segmentation fault. However, when I execute the compiled ASM file, I get no error. I am running 64 bit and using 32 bit shellco...
Sales asked 9/1, 2014 at 21:9

7

Solved

I want a simple C method to be able to run hex bytecode on a Linux 64 bit machine. Here's the C program that I have: char code[] = "\x48\x31\xc0"; #include <stdio.h> int main(int argc, char ...
Ludivinaludlew asked 31/3, 2012 at 23:53

3

Solved

I'm trying to execute shellcode within a Go program, similar to how you can do it with other languages. Example 1 - Shellcode in C program Example 2 - http://www.debasish.in/2012/04/execute-shel...
Carbrey asked 15/5, 2015 at 15:38

5

I want to exploit a stack based buffer overflow for education purposes. There is a typical function called with a parameter from main, which is given as input from the program a local buffer where...
Hemorrhage asked 5/1, 2012 at 11:11

2

Is it possible to concatenate bytes to str? >>> b = b'this is bytes' >>> s = 'this is string' >>> b + s Traceback (most recent call last): File "<stdin>"...
Ammoniac asked 30/9, 2020 at 14:41

7

Solved

WARNING: This is an exploit. Do not execute this code. //shellcode.c char shellcode[] = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" "\...
Lapotin asked 24/4, 2010 at 19:36

5

I've been working on some exploit development recently to get ready for a training course, and I've run into a problem with a tutorial. I've been following along with all the tutorials I can find, ...
Perlaperle asked 17/6, 2011 at 17:38

1

Solved

A prior related question was answered. Thank you! However this creates a new question for me. Why does nasm put data bytes at two different memory locations? I include program information and other...
Slice asked 13/7, 2020 at 22:40

1

Solved

I'm learning to write a simple shell code using assembly. I get a Segment fault when the mov opcode executes to write over the db data. Why? Any guidance appreciated! Debugging with gdb confirms th...
Mannered asked 10/7, 2020 at 19:55

4

Can anyone help me on a Python reverse shell one-liner for Windows (has to be windows one-liner). I am trying to modify the one for Linux which I have used many times but this is my first time for...
Pacific asked 23/6, 2016 at 12:28

3

Solved

I have some sample code from a shell code payload showing a for loop and using push/pop to set the counter: push 9 pop ecx Why can it not just use mov? mov ecx, 9
Carefree asked 16/6, 2019 at 12:24

1

Solved

I'm trying to write a decoder stub and I'm running into a restriction on 0xFF as a bad character. I'm using the jmp-call-pop method to get the address of my encoded shellcode into a register. Here'...
Gawky asked 21/4, 2019 at 0:17

1

Solved

I have some example code here which I'm using to understand some C behaviour for a beginner's CTF: // example.c #include <stdio.h> void main() { void (*print)(); print = getenv("EGG");...
Disinfectant asked 16/11, 2018 at 22:31

6

I have a small program where I wish to pass shellcode as argument. In the shellcode, there is a necessity to pass \x00. I tried the following command: ./program `python -c 'print "\x01\x00\x00\x00...
Menorca asked 6/9, 2011 at 7:17

1

Solved

I am trying to execute the following with execve: /bin//nc -lnke /bin/bash -p 4444 When reading the man page for execve, I see the following requirements: int execve(const char *filename, char *c...
Rigsby asked 4/9, 2018 at 17:23

6

Does anyone know of any online source that provides instruction alternatives to a NOP opcode? Like 'xchg ax, ax' and the likes. I'm pretty sure that there is also a tool for it, can someone point...
Deerdre asked 29/9, 2011 at 16:13

2

I am new to x86_64 assembly programming. I was writing simple "Hello World" program in x86_64 assembly. Below is my code, which runs perfectly fine. global _start section .data msg: db "Hello t...
Pily asked 3/2, 2018 at 10:19

4

Solved

I've been learning computer security lately and come across a couple problems, and I'm having some trouble with this one in particular. I'm given a function with a fixed buffer I need to overflow...
Uppsala asked 1/5, 2013 at 19:58

1

Solved

Even though both the programs abide by relative addressing instructions required for shellcode execution, and both print the desired message on execution, the 2nd Sample fails when used as a shellc...
Pomp asked 11/12, 2017 at 21:19

2

Solved

I don't quite understand how variables can be stored in the text section and how they can be manipulated. Shouldn't all variables be in the .data section and aren't all part of the .text section re...
Incunabula asked 13/9, 2017 at 16:58

1

Solved

Is there some tool to disassemble a raw hex into assembly instructions? For example: let's say we have \xeb\x1d that disassemble into jmp 0x1f according to this online disassembler. So is ther...
Fleck asked 27/6, 2017 at 13:41

1

Solved

I'm trying to place and execute program-code into a shared-memory region. Initializing and allocating the shared memory as well as copying the shellcode into the "new" memory works as intende...
Effusive asked 8/5, 2017 at 14:7

2

Solved

I played around with buffer overflows on Linux (amd64) and tried exploiting a simple program, but it failed. I disabled the security features (address space layout randomization with sysctl -w kern...
Virtual asked 18/5, 2010 at 16:24

1

Solved

I am confused with the syscall of __NR_execve. When I learn linux system call. The correct way that I know to use execve is like this: char *sc[2]; sc[0]="/bin/sh"; sc[1]= NULL; execve(sc[0],sc...
Rapscallion asked 17/4, 2016 at 7:23
