Skip to content

Instantly share code, notes, and snippets.

@0xFF1E071F
Created November 15, 2020 00:32
Show Gist options
  • Save 0xFF1E071F/ca71836811febc2f18f077547b42661b to your computer and use it in GitHub Desktop.
Save 0xFF1E071F/ca71836811febc2f18f077547b42661b to your computer and use it in GitHub Desktop.
Hello World schell code using mmap
// gcc hwshellcode.c -o hwshellcode
#include <stdio.h>
#include <sys/mman.h>
#include <string.h>
#include <stdlib.h>
int (*sc)();
/*
00000000 EB1E jmp short 0x20
00000002 B801000000 mov eax,0x1
00000007 BF01000000 mov edi,0x1
0000000C 5E pop rsi
0000000D BA0C000000 mov edx,0xc
00000012 0F05 syscall
00000014 B83C000000 mov eax,0x3c
00000019 BF00000000 mov edi,0x0
0000001E 0F05 syscall
00000020 E8DDFFFFFF call 0x2
00000025 48656C6C6F20576F726C640A Hello World\r\n
*/
const unsigned char code[] = {
0xeb, 0x1e, 0xb8, 0x01, 0x00, 0x00, 0x00, 0xbf, 0x01, 0x00, 0x00, 0x00,
0x5e, 0xba, 0x0c, 0x00, 0x00, 0x00, 0x0f, 0x05, 0xb8, 0x3c, 0x00, 0x00,
0x00, 0xbf, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x05, 0xe8, 0xdd, 0xff, 0xff,
0xff, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64,
0x0a
};
int main(int argc, char** argv){
void *ptr = mmap(0, sizeof(code), PROT_EXEC | PROT_WRITE | PROT_READ, MAP_ANON | MAP_PRIVATE, -1, 0);
if (ptr == MAP_FAILED){
perror("[ - ] mmap failed");
exit(-1);
}
memcpy(ptr, code, sizeof(code));
sc = ptr;
sc();
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment