Shellcode Injection Exploit

Author

Created by 0x5da (Toasty / OsintToast / WoahToast)
Exploit Developer & Security Engineer • OSINT • Malware Analysis • Pentesting Tools
https://www.imperiumsolutions.xyz/
GitHub @0x5da

This project and all code in this directory were fully written and designed by me. You may use, study, and build upon it for authorized security research and education only.


What This Is

A shellcode injection proof-of-concept. The vulnerable program uses gets() to read into a stack buffer and prints the buffer’s address. The binary is compiled with an executable stack and no NX, so we can place shellcode in the buffer and overwrite the return address to point into our buffer. When the function returns, execution jumps to our shellcode (here, x64 execve("/bin/sh", 0, 0)), giving a shell.
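The overflow described above exists only because the read has no length bound. As an added example that is not part of this repository, here is the vulnerable gets() pattern the README describes (in a comment, for contrast) next to a bounded replacement; the function names read_line_bounded and demo_line, and the 'A'-filled test lines, are my own constructions. The replacement also covers the edge case that makes naive fgets() use unsafe: a line that exceeds the buffer is reported and drained rather than silently truncated and left in the stream.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 128   /* same size as the README's vulnerable buffer */

/* Vulnerable pattern the README describes (for contrast only, not compiled here):
 *
 *     char buf[BUF_SIZE];
 *     printf("%p\n", buf);   // leaks the stack address the exploit needs
 *     gets(buf);             // no length bound: bytes past 128 overwrite the saved return address
 *
 * Hardened replacement (my own helper, not from the repository): reads at most
 * n-1 bytes, always NUL-terminates, strips the newline, and reports and
 * discards any overlong remainder so the caller can reject the input instead
 * of silently working on a truncated line.
 * Returns the number of bytes stored, or -1 on EOF/error with nothing read. */
int read_line_bounded(char *buf, size_t n, FILE *in, int *truncated)
{
    *truncated = 0;
    if (n == 0) return -1;
    if (fgets(buf, (int)n, in) == NULL) { buf[0] = '\0'; return -1; }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') { buf[--len] = '\0'; return (int)len; }
    /* No newline in the buffer: the line either ended at EOF, fit exactly
     * (newline still pending in the stream), or was longer than the buffer. */
    int c = fgetc(in);
    if (c == '\n' || c == EOF) return (int)len;
    *truncated = 1;
    while (c != '\n' && c != EOF) c = fgetc(in);   /* drop the overflow bytes */
    return (int)len;
}

/* Constructed input: a line of `line_len` 'A's plus a newline, fed through a
 * memory stream into a BUF_SIZE buffer. Returns the stored length. */
int demo_line(size_t line_len, int *truncated)
{
    char *input = malloc(line_len + 2);
    char out[BUF_SIZE];
    if (!input) return -1;
    memset(input, 'A', line_len);
    input[line_len] = '\n';
    input[line_len + 1] = '\0';
    FILE *f = fmemopen(input, line_len + 1, "r");
    int r = f ? read_line_bounded(out, sizeof out, f, truncated) : -1;
    if (f) fclose(f);
    free(input);
    return r;
}

int demo_line_len(size_t line_len)       { int t = 0; return demo_line(line_len, &t); }
int demo_line_truncated(size_t line_len) { int t = 0; demo_line(line_len, &t); return t; }

/* Stand-alone use: read one line from stdin and refuse anything that did not fit. */
int main(void)
{
    char buf[BUF_SIZE];
    int truncated;
    int len = read_line_bounded(buf, sizeof buf, stdin, &truncated);
    if (len < 0) return 1;
    if (truncated) {
        fprintf(stderr, "input longer than %d bytes rejected\n", BUF_SIZE - 1);
        return 1;
    }
    printf("accepted %d bytes\n", len);
    return 0;
}
```

Note that the hardened version also stops printing the buffer address: without the leak, an attacker has to guess the stack location, which is what ASLR is there to make expensive. A 127-byte line fits exactly and is not reported as truncated; a 128-byte line is.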

Why I Made It

I built this as the classic “overflow + executable stack + shellcode” example. It’s the most direct form of code execution after a stack overflow and is still useful in CTFs and in environments where NX is disabled (e.g. some embedded or legacy systems).

What It’s Used For

  • Learning — See how buffer address leak + overflow + exec stack lead to code execution.
  • CTF / labs — Template for shellcode challenges.
  • Reference — Minimal x64 execve shellcode and payload layout.

Contents

File | Description
vulnerable.c | Prints the buffer address, then gets() into a 128-byte buffer. Built without NX, so the stack is executable.
shellcode_payload.c | Builds the payload: NOP sled, shellcode (execve("/bin/sh")), padding up to the saved RIP, then the buffer address so the return jumps into the shellcode.
Makefile | Builds the vulnerable binary and the exploit (with -z execstack for the target).

How to Build

make

How to Use

  1. Build: make
  2. Run the vulnerable program once to get the buffer address from its output (or disable ASLR).
  3. Run:
    ./shellcode_payload <buffer_addr_hex> | ./vulnerable
    Example:
    ./exploit 0x7fffffffe000 | ./vulnerable
  4. If the address is correct and the stack is executable, you get a shell.

Notes

  • The shellcode is position-independent and uses the stack for the /bin/sh string (built in the instructions).
  • On modern systems, executable stack is less common; ret2libc/ROP are used when NX is on.
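Whether a given binary actually has an executable stack is recorded in its PT_GNU_STACK program header (the -z execstack flag in the Makefile sets the PF_X bit there). As an added example that is not part of this repository, the following checker parses that header directly so a defender can audit binaries for the condition this PoC depends on; it handles both ELF32 and ELF64 little-endian images, which goes beyond the x64 target in the README. The functions elf_stack_verdict, elf_stack_verdict_file, make_minimal_elf64 and sample_elf64_verdict are my own names, and the in-memory images the demo and tests use are constructed fixtures, not real binaries.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same values as <elf.h>; defined locally so the check builds without platform headers. */
#define PT_GNU_STACK_VALUE 0x6474e551u
#define PF_X_VALUE 0x1u

enum stack_verdict { STACK_NX = 0, STACK_EXEC = 1, STACK_UNKNOWN = 2, STACK_BAD_ELF = -1 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Walk the program headers of a little-endian ELF32/ELF64 image and classify the
 * PT_GNU_STACK entry. A missing entry yields STACK_UNKNOWN: the kernel default then
 * applies, which has varied across versions, so treat such binaries as needing review. */
int elf_stack_verdict(const uint8_t *img, size_t len)
{
    if (len < 52 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[5] != 1) return STACK_BAD_ELF;
    int is64 = (img[4] == 2);
    uint64_t phoff; uint16_t phentsize, phnum;
    if (is64) {
        if (len < 64) return STACK_BAD_ELF;
        phoff = rd64(img + 32); phentsize = rd16(img + 54); phnum = rd16(img + 56);
    } else {
        phoff = rd32(img + 28); phentsize = rd16(img + 42); phnum = rd16(img + 44);
    }
    size_t need = is64 ? 56 : 32;              /* sizeof Elf64_Phdr / Elf32_Phdr */
    if (phentsize < need) return STACK_BAD_ELF;
    for (uint16_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (off > len || len - off < need) return STACK_BAD_ELF;   /* truncated or malformed table */
        const uint8_t *ph = img + off;
        uint32_t type  = rd32(ph);
        uint32_t flags = is64 ? rd32(ph + 4) : rd32(ph + 24);      /* p_flags offset differs per class */
        if (type == PT_GNU_STACK_VALUE) return (flags & PF_X_VALUE) ? STACK_EXEC : STACK_NX;
    }
    return STACK_UNKNOWN;
}

/* Read a file fully into memory and classify it. */
int elf_stack_verdict_file(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return STACK_BAD_ELF;
    uint8_t *buf = NULL, chunk[4096];
    size_t len = 0, cap = 0, n;
    while ((n = fread(chunk, 1, sizeof chunk, f)) > 0) {
        if (len + n > cap) {
            cap = cap ? cap * 2 : 8192;
            uint8_t *t = realloc(buf, cap);
            if (!t) { free(buf); fclose(f); return STACK_BAD_ELF; }
            buf = t;
        }
        memcpy(buf + len, chunk, n);
        len += n;
    }
    fclose(f);
    int v = elf_stack_verdict(buf, len);
    free(buf);
    return v;
}

/* Constructed fixture (not a real binary): an ELF64 header plus, optionally, one
 * PT_GNU_STACK program header carrying the given p_flags. Returns bytes written. */
size_t make_minimal_elf64(uint8_t *out, size_t cap, int with_stack_hdr, uint32_t flags)
{
    size_t n = 64 + (with_stack_hdr ? 56 : 0);
    if (cap < n) return 0;
    memset(out, 0, n);
    memcpy(out, "\x7f" "ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;            /* ELFCLASS64, little-endian, EV_CURRENT */
    out[16] = 2; out[18] = 0x3e;                   /* ET_EXEC, EM_X86_64 */
    out[32] = 64;                                  /* e_phoff = 64 (rest of the 8-byte field is 0) */
    out[52] = 64; out[54] = 56;                    /* e_ehsize, e_phentsize */
    out[56] = (uint8_t)(with_stack_hdr ? 1 : 0);   /* e_phnum */
    if (with_stack_hdr) { wr32(out + 64, PT_GNU_STACK_VALUE); wr32(out + 68, flags); }
    return n;
}

int sample_elf64_verdict(int with_stack_hdr, uint32_t flags)
{
    uint8_t img[128];
    size_t n = make_minimal_elf64(img, sizeof img, with_stack_hdr, flags);
    return elf_stack_verdict(img, n);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "NX stack", "EXECUTABLE stack (-z execstack or equivalent)",
                                   "no PT_GNU_STACK header: kernel default applies, review" };
    if (argc < 2) {
        printf("constructed RWE image -> %s\nconstructed RW image  -> %s\n",
               names[sample_elf64_verdict(1, 0x7)], names[sample_elf64_verdict(1, 0x6)]);
        return 0;
    }
    int v = elf_stack_verdict_file(argv[1]);
    if (v < 0) { fprintf(stderr, "%s: not a readable little-endian ELF\n", argv[1]); return 2; }
    printf("%s: %s\n", argv[1], names[v]);
    return v == STACK_EXEC ? 1 : 0;
}
```

Run it against the built ./vulnerable and it should report an executable stack; against the same source built without -z execstack it reports NX. The non-zero exit status on STACK_EXEC makes it usable as a build-pipeline gate. It reads the same bits that readelf -l shows as the RWE flags on the GNU_STACK line, so readelf is a quick cross-check.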

Use only on systems you own or have explicit permission to test.
