linux/x86-64 - small novelty Happy B-day HKM shellcode 50 bytes



EKU-ID: 2732 CVE: OSVDB-ID:
Author: nitr0us Published: 2012-10-22 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


#
# -=[ Happy B-day 'HKM' Shellcode (50 bytes)
# -=[ Platform: Linux x86_64
# -=[ Author: nitr0us - http://twitter.com/nitr0usmx
# -=[ Date: XX/Sept/2012
#
#  _    _                           ____      _               _   _   _ 
# | |  | |                         |  _ \    | |             | | | | | |
# | |__| | __ _ _ __  _ __  _   _  | |_) | __| | __ _ _   _  | | | | | |
# |  __  |/ _` | '_ \| '_ \| | | | |  _ < / _` |/ _` | | | | | | | | | |
# | |  | | (_| | |_) | |_) | |_| | | |_) | (_| | (_| | |_| | |_| |_| |_|
# |_|  |_|\__,_| .__/| .__/ \__, | |____/ \__,_|\__,_|\__, | (_) (_) (_)
#              | |   | |     __/ |                     __/ |            
#              |_|   |_|    |___/                     |___/
#
#                  ___           ___           ___     
#                 /\__\         /\__\         /\__\    
#                /:/  /        /:/  /        /::|  |   
#               /:/__/        /:/__/        /:|:|  |   
#              /::\  \ ___   /::\__\____   /:/|:|__|__ 
#             /:/\:\  /\__\ /:/\:::::\__\ /:/ |::::\__\
#             \/__\:\/:/  / \/_|:|~~|~    \/__/~~/:/  /
#                  \::/  /     |:|  |           /:/  / 
#                  /:/  /      |:|  |          /:/  /  
#                 /:/  /       |:|  |         /:/  /   
#                 \/__/         \|__|         \/__/    
#
# char hkm_bday_shellcode[] =
# "\xeb\x12\x59\x48\x31\xc0\x48\x31"
# "\xdb\x48\x31\xd2\xb0\x04\xfe\xc3"
# "\xb2\x19\xcd\x80\xe8\xe9\xff\xff"
# "\xff\x7c\x2d\x7c\x34\x70\x70\x59"
# "\x20\x62\x2d\x44\x40\x79\x20\x48"
# "\x4b\x4d\x20\x3d\x44\x20\x21\x21"
# "\x21\x0a";
#
# $gcc -c hkm_bday.s
# $objdump -d ./hkm_bday.o
# Disassembly of section .text:
# 0000000000000000 <main>:
#    0:   eb 12                   jmp    14 <happy>
# 0000000000000002 <birthday>:
#    2:   59                      pop    %rcx
#    3:   48 31 c0                xor    %rax,%rax
#    6:   48 31 db                xor    %rbx,%rbx
#    9:   48 31 d2                xor    %rdx,%rdx
#    c:   b0 04                   mov    $0x4,%al
#    e:   fe c3                   inc    %bl
#   10:   b2 00                   mov    $0x0,%dl
#   12:   cd 80                   int    $0x80
# 0000000000000014 <happy>:
#   14:   e8 e9 ff ff ff          callq  2 <birthday>
# 0000000000000019 <CAKE>:
#   19:   7c 2d                   jl     48 <CAKE+0x2f>
#   1b:   7c 34                   jl     51 <CAKE+0x38>
#   1d:   70 70                   jo     8f <CAKE+0x76>
#   1f:   59                      pop    %rcx
#   20:   20 62 2d                and    %ah,0x2d(%rdx)
#   23:   44                      rex.R
#   24:   40 79 20                rex jns 47 <CAKE+0x2e>
#   27:   48                      rex.W
#   28:   4b                      rex.WXB
#   29:   4d 20 3d 44 20 21 21    rex.WRB and %r15b,0x21212044(%rip)        # 21212074 <CAKE+0x2121205b>
#   30:   21 0a                   and    %ecx,(%rdx)
#
# $gcc hkm_bday.o -o hkm_bday
# $./hkm_bday
# |-|4ppY b-D@y HKM =D !!!
#

.section .text
.globl main
main:
  jmp  happy

birthday:
  pop  %rcx
  xorq  %rax, %rax
  xorq  %rbx, %rbx
  xorq  %rdx, %rdx
  movb  $4, %al
  incb  %bl
  movb  $CAKESIZE, %dl
  int  $0x80

happy:
  call  birthday

CAKE:
.byte  0x7c,0x2d,0x7c,0x34,0x70,0x70,0x59,0x20
.byte  0x62,0x2d,0x44,0x40,0x79,0x20,0x48,0x4b
.byte  0x4d,0x20,0x3d,0x44,0x20,0x21,0x21,0x21
.byte  0x0a

CAKESIZE = . - CAKE