...
```
lazenca0x0@ubuntu:~/ASM$ gcc -o shellcode -fno-stack-protector -z execstack --no-pie -m32 shellcode.c
test.c:5:15: warning: array 'code' assumed to have one element
 unsigned char code[];
               ^
lazenca0x0@ubuntu:~/ASM$ ./shellshellcode
Shellcode len : 2
Segmentation fault (core dumped)
lazenca0x0@ubuntu:~/ASM$
```
...
```
lazenca0x0@ubuntu:~/ASM$ gdb -q ./shellshellcode
Reading symbols from ./shellshellcode...(no debugging symbols found)...done.
gdb-peda$ disassemble main
Dump of assembler code for function main:
   0x0804846b <+0>:     lea    ecx,[esp+0x4]
   0x0804846f <+4>:     and    esp,0xfffffff0
   0x08048472 <+7>:     push   DWORD PTR [ecx-0x4]
   0x08048475 <+10>:    push   ebp
   0x08048476 <+11>:    mov    ebp,esp
   0x08048478 <+13>:    push   ecx
   0x08048479 <+14>:    sub    esp,0x14
   0x0804847c <+17>:    sub    esp,0xc
   0x0804847f <+20>:    push   0x804a040
   0x08048484 <+25>:    call   0x8048340 <strlen@plt>
   0x08048489 <+30>:    add    esp,0x10
   0x0804848c <+33>:    mov    DWORD PTR [ebp-0xc],eax
   0x0804848f <+36>:    sub    esp,0x8
   0x08048492 <+39>:    push   DWORD PTR [ebp-0xc]
   0x08048495 <+42>:    push   0x8048550
   0x0804849a <+47>:    call   0x8048320 <printf@plt>
   0x0804849f <+52>:    add    esp,0x10
   0x080484a2 <+55>:    sub    esp,0x8
   0x080484a5 <+58>:    push   0x804a040
   0x080484aa <+63>:    push   0x804a074
   0x080484af <+68>:    call   0x8048330 <strcpy@plt>
   0x080484b4 <+73>:    add    esp,0x10
   0x080484b7 <+76>:    mov    DWORD PTR [ebp-0x10],0x804a074
   0x080484be <+83>:    mov    eax,DWORD PTR [ebp-0x10]
   0x080484c1 <+86>:    call   eax
   0x080484c3 <+88>:    nop
   0x080484c4 <+89>:    mov    ecx,DWORD PTR [ebp-0x4]
   0x080484c7 <+92>:    leave
   0x080484c8 <+93>:    lea    esp,[ecx-0x4]
   0x080484cb <+96>:    ret
End of assembler dump.
gdb-peda$ b *0x080484af
Breakpoint 1 at 0x80484af
gdb-peda$ r
Starting program: /home/lazenca0x0/ASM/shell
Shellcode len : 2

Breakpoint 1, 0x080484af in main ()
gdb-peda$ x/64bx 0x804a074
0x804a074 <code>:           0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x804a07c:                  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x804a084:                  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x804a08c:                  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x804a094:                  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x804a09c:                  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x804a0a4:                  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0x804a0ac:                  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
gdb-peda$
gdb-peda$ x/64bx 0x804a040
0x804a040 <shellcode>:      0xe8 0x0f 0x00 0x00 0x00 0x48 0x65 0x6c
0x804a048 <shellcode+8>:    0x6c 0x6f 0x2c 0x20 0x77 0x6f 0x72 0x6c
0x804a050 <shellcode+16>:   0x64 0x21 0x0a 0x0d 0x59 0xb8 0x04 0x00
0x804a058 <shellcode+24>:   0x00 0x00 0xbb 0x01 0x00 0x00 0x00 0xba
0x804a060 <shellcode+32>:   0x0f 0x00 0x00 0x00 0xcd 0x80 0xb8 0x01
0x804a068 <shellcode+40>:   0x00 0x00 0x00 0xbb 0x00 0x00 0x00 0x00
0x804a070 <shellcode+48>:   0xcd 0x80 0x00 0x00 0xe8 0x0f 0x00 0x00
0x804a078:                  0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
gdb-peda$
```
...