I’ve got the following assembly piece of code:
section .text
global _start
_start:
; Store the argument string on stack
xor eax, eax
push eax ; Use 0 to terminate the string
push "bash"
mov al, 0x2f ; Set "/" to the least significant byte of eax
push eax ; Add "/" onto the stack
push "/bin"
mov ebx, esp ; Get the string address
; Construct the argument array argv[]
xor eax, eax ; eax = 0x00000000
push eax ; argv[1] = 0
push ebx ; argv[0] points "/bin/bash"
mov ecx, esp ; Get the address of argv[]
; For environment variable
xor edx, edx ; No env variables
; Invoke execve()
mov al, 0x0b ; eax = 0x0000000b
int 0x80
It’s supposed to call bash shell but it gives a segmentation fault after compiling to object code and linking to generate binary.
OS Ubuntu x86. Thanks in advance!
Adding extra shashes is forbidden to complete this task.
>Solution :
Problem is the mov al, 0x2f; push eax which will push 4 bytes not 1.
Try:
push "h"
push "/bas"
push "/bin"
mov ebx, esp ; Get the string address
Also make sure you create 32 bit binary.