path: root/templates/shellcode
Age | Commit message | Author | Files | Lines
2022-02-27 | shellcode: Initialize envp to NULL | Malfurious | 2 | -0/+2
This issue was discovered a while back, during one of the CTFs, and was particularly a problem with the 32-bit shellcode. Because the third kernel argument register was not being set by the payload, we would essentially pass garbage. I'm only committing this now, as I've recently been able to reproduce the related failure and demonstrate this patch working. I never actually observed the 64-bit shellcode fail for this reason on a target, but it is also patched for correctness.

Argument 3 to execve() is the environment pointer, a pointer to an array of strings that defines the process's environment variables. Although this argument should point to an empty array (a pointer to NULL) if empty, Linux allows the pointer itself to be NULL in this case, thus the xor of the register.

Signed-off-by: Malfurious <m@lfurio.us>
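The point made in the commit message above, as an added example that is not part of the repository: Linux accepts either a NULL envp or a pointer to an empty (NULL-terminated) array as the third execve() argument, and in both cases the child starts with no inherited environment. The code below calls the raw libc execve() through ctypes so that a real NULL can be passed (os.execve() cannot), forks a child for each envp variant, and reads back an exit status chosen by the child. It assumes a Linux host with /bin/sh; the environment variable name SHELLTOOL_CANARY and the exit codes 3 and 4 are arbitrary choices for the demonstration.

```python
import ctypes
import ctypes.util
import os

# Raw execve(2) through libc so that envp can really be NULL (ctypes None).
_libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
_libc.execve.argtypes = (
    ctypes.c_char_p,
    ctypes.POINTER(ctypes.c_char_p),
    ctypes.POINTER(ctypes.c_char_p),
)
_libc.execve.restype = ctypes.c_int

# Constructed shell snippet: exit 3 if the canary variable is absent, 4 if present.
CANARY = "SHELLTOOL_CANARY"
SCRIPT = b'[ -z "$SHELLTOOL_CANARY" ] && exit 3; exit 4'


def c_string_array(strings):
    """Build a NULL-terminated char*[] (the shape execve expects for argv/envp)."""
    arr = (ctypes.c_char_p * (len(strings) + 1))()
    for i, s in enumerate(strings):
        arr[i] = s
    arr[len(strings)] = None  # terminating NULL pointer
    return arr


def run_with_envp(path, argv, envp):
    """Fork; the child performs execve(path, argv, envp) and exits 127 if that fails.
    Returns the child's exit status as seen by the parent."""
    pid = os.fork()
    if pid == 0:
        _libc.execve(path, c_string_array(argv), envp)
        os._exit(127)  # only reached if execve failed
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status)


def envp_demo():
    """Run the same /bin/sh command with three envp values and return the statuses.

    'null'      -> envp == NULL, what an xor'ed third syscall register yields
    'empty'     -> envp -> {NULL}, the strictly-correct empty environment
    'inherited' -> envp built from os.environ, so the canary is visible
    """
    os.environ[CANARY] = "1"  # present in the parent; only 'inherited' passes it on
    argv = [b"sh", b"-c", SCRIPT]
    inherited = c_string_array(
        [k.encode() + b"=" + v.encode() for k, v in os.environ.items()]
    )
    return {
        "null": run_with_envp(b"/bin/sh", argv, None),
        "empty": run_with_envp(b"/bin/sh", argv, c_string_array([])),
        "inherited": run_with_envp(b"/bin/sh", argv, inherited),
    }


if __name__ == "__main__":
    print(envp_demo())
```

The 'null' and 'empty' cases both exit 3, showing that the kernel treats a NULL envp like an empty array; 'inherited' exits 4 because the canary was passed through. A garbage register (the bug the commit fixes) is not reproducible deterministically, which is why the demonstration contrasts the two valid encodings rather than the failing one.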
2021-08-22 | Add Makefile for shellcode templates | Malfurious | 1 | -0/+17
The shell*.asm files are considered the default programs, and the expected use-case for utilizing the templates is to edit these files to implement the desired shellcode. I figure that literal shellcode makes the most sense as what to expect by default. 'make all' will assemble and link the shellcode (so it can actually be directly executed via the output elf files), and feed the disassembly into shelltool for use elsewhere.

Signed-off-by: Malfurious <m@lfurio.us>
2021-08-22 | Refactor genhex into shelltool | Malfurious | 1 | -0/+30
For convenience, I've rewritten my old shellcode parser program in Python. It is moved to the shellcode templates dir and renamed to shelltool. As a new feature, shelltool will now check the result for NULL bytes and newline bytes that may cause problems in an exploit.

Signed-off-by: Malfurious <m@lfurio.us>
2021-08-22 | Add sys_exit shellcode templates | Malfurious | 2 | -0/+16
Signed-off-by: Malfurious <m@lfurio.us>
2021-08-22 | Add generic /bin/sh shellcode templates | Malfurious | 2 | -0/+29
Signed-off-by: Malfurious <m@lfurio.us>