I am experimenting with shellcode before digging deep into it, so I came across an example from The Shellcoder's Handbook. The example is the following:

char shellcode[] =
    "\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x4"
    "\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1\xff\xff\xff\x2f\x62\x69"
    "\x6e\x2f\x73\x68";

int main() {
    int *ret;
    ret = (int *)&ret + 2;     /* assumes the saved return address sits two words above ret */
    (*ret) = (int)shellcode;   /* overwrite it with the address of the shellcode buffer */
}

The shellcode is supposed to spawn a shell. However, I get a segmentation fault. I compiled the program with gcc using the -fno-stack-protector and -z execstack options. I took a quick look at the readelf output and it was clear that the stack is executable:

 GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
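The readelf line above is the PT_GNU_STACK program header; its RWE flags are what -z execstack sets. The following check reads that header straight from the ELF file so a build or CI step can flag binaries that were linked with an executable stack. It is an added example, not code from the question or from The Shellcoder's Handbook; build_elf constructs a synthetic ELF image for offline testing, and the field offsets are those of the ELF32/ELF64 header and program-header layouts.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551      # PT_LOOS + 0x474e551, the segment readelf lists as GNU_STACK
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def gnu_stack_flags(data: bytes):
    """Return p_flags of the PT_GNU_STACK program header, or None if the binary has none."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"              # ELFDATA2LSB / ELFDATA2MSB
    if ei_class == 1:                               # ELFCLASS32: e_phoff @0x1c, e_phentsize/e_phnum @0x2a
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        ph_fmt, flags_idx = end + "8I", 6           # Elf32_Phdr: p_flags is the 7th word
    elif ei_class == 2:                             # ELFCLASS64: e_phoff @0x20, e_phentsize/e_phnum @0x36
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        ph_fmt, flags_idx = end + "II6Q", 1         # Elf64_Phdr: p_flags directly follows p_type
    else:
        raise ValueError("unknown EI_CLASS")
    for i in range(e_phnum):
        phdr = struct.unpack_from(ph_fmt, data, e_phoff + i * e_phentsize)
        if phdr[0] == PT_GNU_STACK:
            return phdr[flags_idx]
    return None

def stack_is_executable(data: bytes):
    """PF_X bit of PT_GNU_STACK (readelf's RWE vs RW); None when the header is absent and the kernel default applies."""
    flags = gnu_stack_flags(data)
    return None if flags is None else bool(flags & PF_X)

def build_elf(elfclass: int, stack_flags) -> bytes:
    """Constructed minimal ELF image (header + program headers only); stack_flags=None omits GNU_STACK."""
    segs = [(1, PF_R | PF_X)]                       # one PT_LOAD so the table is not only GNU_STACK
    if stack_flags is not None:
        segs.append((PT_GNU_STACK, stack_flags))
    ident = b"\x7fELF" + bytes([elfclass, 1, 1]) + b"\0" * 9
    if elfclass == 1:   # ELF32 header is 52 bytes, each Elf32_Phdr 32 bytes
        ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, len(segs), 0, 0, 0)
        phdrs = b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, f, 4) for t, f in segs)
    else:               # ELF64 header is 64 bytes, each Elf64_Phdr 56 bytes
        ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
        phdrs = b"".join(struct.pack("<II6Q", t, f, 0, 0, 0, 0, 0, 16) for t, f in segs)
    return ehdr + phdrs

if __name__ == "__main__":                          # audit real binaries: python3 gnustack.py ./a.out
    for path in sys.argv[1:]:
        print(path, stack_is_executable(open(path, "rb").read()))
```

Run against the questioner's binary it returns True, matching the RWE in readelf; a binary built without -z execstack returns False.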
  • Backticks are used to quote code, not to add emphasis. Commented Oct 31, 2014 at 9:32

2 Answers

2

ret is a pointer and it is not pointing to any memory location when you declare it. Later you are trying to assign some value to it by adding 2 to the location the pointer is pointing to (which is a contradictory statement).

ret = (int *)&ret + 2;  /* Which is wrong */

4 Comments

True. It's clear now. That's why you always need someone else to read what you write, because he will simply see the mistakes that you overlook every time you re-read the code.
I downvoted this answer. The question's code is intended to overwrite the return address with the address of shellcode; it is not accidental undefined behaviour. (And obviously it's not supposed to be portable or standard-conforming C.)
@immibis would you like to answer the question then?
@T-D We can't convince everyone. I hope I answered your question :)
0

I compiled the following code using the "gcc filename.cpp" command. It compiled without error. I hope this will help you solve your doubt.

#include <stdio.h>

char shellcode[] =
    "\xeb\x1a\x5e\x31\xc0\x88\x46\x07\x8d\x1e\x89\x5e\x08\x89\x4"
    "\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\xe8\xe1\xff\xff\xff\x2f\x62\x69"
    "\x6e\x2f\x73\x68";

int main() {
    int *ret;
    ret = (int *) ret + 2;   // I don't know why you had written this
    ret = (int *)shellcode;
}
