I'm trying to invoke the execve system call (sys_execve, number 59) from NASM assembly on x86-64 Linux.
; First attempt (NASM, x86-64 Linux). Intended call: execve("/bin/sh", ?, NULL).
; Syscall ABI: rax = number, args in rdi, rsi, rdx; execve does not return on success.
section .data
file db "/bin/sh",0                 ; the pathname; ALSO (wrongly) passed as argv below
section .text
global _start
_start:
mov rax, 59                         ; SYS_execve
mov rdi, file                       ; arg 0: const char *pathname  (absolute address: non-PIE link only)
lea rsi, [file]                     ; arg 1: BUG - execve expects char *const argv[], a NULL-terminated
                                    ; array of pointers; this points at the bytes of "/bin/sh" instead,
                                    ; so the kernel reads those bytes as argv[0] (not a valid pointer)
                                    ; and execve fails with -EFAULT
mov rdx, 0                          ; arg 2: envp = NULL (Linux accepts this: empty environment)
syscall                             ; on failure execution continues PAST this line: there is no exit
                                    ; syscall, so the CPU runs off the end of .text -> SIGSEGV
Running it gives a segmentation fault. What am I doing wrong?
I also tried embedding the assembled bytes in a C program and calling them as a function:
int main(void)
{
/* The bytes below are the NASM attempt assembled:
 *   b8 3b 00 00 00                 mov    eax, 59        ; SYS_execve
 *   48 bf d0 00 60 00 00 00 00 00  movabs rdi, 0x6000d0  ; address `file` got in the stand-alone binary
 *   48 8d 34 25 d0 00 60 00        lea    rsi, [0x6000d0]
 *   ba 00 00 00 00                 mov    edx, 0
 *   0f 05                          syscall
 * Why this crashes as well:
 *  - 0x6000d0 is an absolute address from the other binary's .data; nothing
 *    meaningful is mapped there in this process, so rdi/rsi are dangling.
 *  - rsi still points at a string, not at a NULL-terminated char*[] (argv).
 *  - shellcode[] is a stack array; with the usual non-executable stack (NX)
 *    the indirect call faults before the first byte executes.
 *  - there is no `ret` after the syscall, so even a failed execve would run
 *    off the end of the array into whatever follows on the stack.
 */
char shellcode[] =
"\xb8\x3b\x00\x00\x00"
"\x48\xbf\xd0\x00\x60\x00\x00"
"\x00\x00\x00"
"\x48\x8d\x34\x25\xd0\x00\x60"
"\x00"
"\xba\x00\x00\x00\x00"
"\x0f\x05";
(*(void (*)()) shellcode)();  /* calling a data object as code is undefined behaviour in C */
return 0;
}
This also gives me a segmentation fault.
I figured it out: execve's second argument must be a pointer to a NULL-terminated array of char* (argv), not the path string itself. Building that array in .data fixes it:
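; execve("/bin/sh", {"sh", NULL}, NULL) for x86-64 Linux, NASM syntax.
; Build: nasm -felf64 sh.asm && ld -o sh sh.o
;   The absolute address stored in `argv` relies on a non-PIE static link.
; Syscall ABI: rax = number; args in rdi, rsi, rdx; rcx/r11 clobbered;
;   execve returns only on failure, with rax = -errno.

SYS_execve equ 59
SYS_exit   equ 60

section .data
file     db '/bin/sh',0             ; const char *pathname
file_arg db 'sh',0                  ; argv[0]
argv     dq file_arg, 0             ; char *argv[] = { "sh", NULL } -- the NULL terminator is required

section .text
global _start
_start:
    mov  eax, SYS_execve
    lea  rdi, [rel file]            ; pathname
    lea  rsi, [rel argv]            ; argv: an array of pointers, NOT the string itself
    xor  edx, edx                   ; envp = NULL: Linux accepts this and starts sh with an empty
                                    ; environment (no PATH, HOME, ...); pass a real array if needed
    syscall
    ; Only reached if execve failed (rax = -errno, e.g. -ENOENT). Without an
    ; explicit exit the CPU would run off the end of .text and SIGSEGV, which
    ; is indistinguishable from the original bug when debugging.
    mov  eax, SYS_exit
    mov  edi, 1                     ; exit status 1 = exec failed
    syscall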