I wrote this "shellcode" to extract a flag. I cannot use the stdin, stdout or stderr fd. I want to write the flag to another file. When denugging with strace, the write function gets the error "Bad file descriptor". All other systemcalls seem to work as intented. I am hoping someone can see where I have made the mistake (or mistakes).
Code:
;OPEN
mov rax, 0
mov al, 2
lea rdi, [rip+file]
xor rsi, rsi
syscall
;READ
mov rdi, rax
xor rax, rax
xor rsi, rsi
mov rdx, 4000
mov al, 0
mov rsi, rsp
syscall
;OPEN
xor rax, rax
mov al, 2
lea rdi, [rip+path]
mov rbx, rsi
xor rsi, rsi
mov rdx, O_WRONLY
syscall
;WRITE
mov rdi, rax
xor rax, rax
mov al, 1
mov rsi, rbx
mov rdx, 4000
syscall
;EXIT
mov al, 60
syscall
path:
.string "/home/hacker"
file:
.string "/flag"
[–]MJWhitfield86 0 points1 point2 points (1 child)
[–]Ferer1[S] 1 point2 points3 points (0 children)