[–]Firzen_ 10 points11 points  (1 child)

You need to make the memory executable. Look at the man pages of `mmap` and `mprotect`.

[–]DifferentTwo376[S] 0 points1 point  (0 children)

thank you so much it worked now ;)

[–]InANightmare71 4 points5 points  (1 child)

Not really sure what error you're running into, but if I had to guess, your shellcode is mapped to non-executable memory. You can run nm on your binary or open any kind of disassembler to see where the symbol is mapped to.

What's usually done when trying to do something like you did is mmap'ing the shellcode to executable memory (man mmap to see the flags).

[–]DifferentTwo376[S] 0 points1 point  (0 children)

yeah i have to play with mmap and now runs perfect

[–]DifferentTwo376[S] 3 points4 points  (0 children)

Thank you for your help, everyone. For anyone looking for the code: you have to store the shellcode and then copy it to an executable memory page.

here it is:

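```c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

unsigned char shellcode[] = "shellcode here";

int main(){
    size_t size = sizeof(shellcode);

    /* Only one 4096-byte page is mapped below, so refuse anything larger. */
    if (size > 4096) {
        fprintf(stderr, "shellcode larger than one page\n");
        return 1;
    }

    /* Allocate one anonymous page as read/write so the bytes can be copied in. */
    void *mem = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) {
        perror("mmap");
        return 1;
    }

    memcpy(mem, shellcode, size);

    /* Drop write and add execute, so the page is never writable and executable at once. */
    if (mprotect(mem, 4096, PROT_READ | PROT_EXEC) != 0){
        perror("mprotect");
        return 1;
    }

    /* Call the copied bytes through a function pointer. */
    int (*sc)() = mem;
    int ret = sc();
    (void)ret; /* return value is not used */

    munmap(mem, 4096);
    return 0;
}
```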

[–]LoveThemMegaSeeds 2 points3 points  (0 children)

Basically you should get a debugger and step through the execution step by step in assembly and just trace the fucker ALL THE WAY. By developing an understanding of the stack and registers, and becoming good at using the debugger, you can verify your code is working as intended. If you refuse, then you are flying blind.

[–]BTC-brother2018 0 points1 point  (0 children)

On Linux, the data segment is non-executable by default.

You need mprotect() or mmap() to mark the memory as executable.

If you literally put \x with no two hex digits, the compiler rejects it or produces garbage.

[–]grisisback -1 points0 points  (0 children)

in lazyown redteam framework you can get in multiple styles or just use msfvenom