shellcode

Purpose : I was trying to take advantage of the RIP mode in x86-64. Even though the assembly performs as expected on its own, the shellcode does not. The Problem : Concisely what I tried was this, jmp l1 str1: db "some string" l1: other code lea rax, [rel str1] I used the above at various places, it failed only at certain places and succeeded in other places. I tried to play around and could not find any pattern when it fails. When variable(str1: db instruction) position is after the instruction accessing it, it never failed(in my observations). However, I want to remove nulls, hence I placed

I'm trying to execute this simple opcode for exit(0) call by overwriting the return address of main. The problem is I'm getting segmentation fault. #include <stdio.h> char shellcode[]= "/0xbb/0x14/0x00/0x00/0x00" "/0xb8/0x01/0x00/0x00/0x00" "/0xcd/0x80"; void main() { int *ret; ret = (int *)&ret + 2; // +2 to get to the return address on the stack (*ret) = (int)shellcode; } Execution result in Segmentation error. [user1@fedo BOF]$ gcc -o ExitShellCode ExitShellCode.c [user1@fedo BOF]$ ./ExitShellCode Segmentation fault (core dumped) This is the Objdump of the shellcode.a [user1@fedo BOF]$

I don't quite understand how variables can be stored in the text section and how they can be manipulated. Shouldn't all variables be in the .data section and aren't all part of the .text section read-only? How does this code work then? [Code taken from Shellcoder's Handbook ] Section .text global _start _start: jmp short GotoCall shellcode: pop esi xor eax, eax mov byte [esi + 7], al lea ebx, [esi] mov long [esi + 8], ebx mov long [esi + 12], eax mov byte al, 0x0b mov ebx, esi lea ecx, [esi + 8] lea edx, [esi + 12] int 0x80 GotoCall: call shellcode db '/bin/shJAAAAKKKK' Paweł Łukasik Well, the

I am creating a training on buffer overflows and stack/heap attacks. I am working on an Ubuntu 12.04 x86_64 machine and want to show some sample buggy programs and the ways you could exploit those vulnerabilities. I am trying to start with the most basic shellcode I have found so far, the simple exit call, which should exit the program being overflowed. Hereby the exitcall.asm : ;exitcall.asm [SECTION .text] global _start _start: xor ebx,ebx ; zero out ebx, same function as mov ebx,0 mov al, 1 ; exit command to kernel int 0x80 I've got this asm file from other tutorials, written for i386

I'm trying to execute shellcode within a Go program, similar to how you can do it with other languages. Example 1 - Shellcode in C program Example 2 - http://www.debasish.in/2012/04/execute-shellcode-using-python.html All methods have broadly similar techniques - assign the shellcode to executable memory via the OS specific allocation (mmap, virtualalloc, etc) and then execute the code by creating a function pointer pointing to that location before executing. Here is my horrible hacky example at performing the same thing in Go. The shellcode has manipulations performed on it before being