Here’s a quick one-liner to make Linux shellcode that runs “exec /bin/bash”. The last argument to msfencode, c, tells it to output the result as C source.
The program msfpayload generates shellcode that runs exec("/bin/sh") on Linux, and msfencode removes all \x00 (null) bytes as well as \xff bytes.
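Whether the encoder really stripped every \x00 and \xff is worth checking before relying on the output, since a string-copying function stops at the first null byte and would silently truncate the payload. This is an added example, not part of the original post or of Metasploit: it scans a byte array for those two values, using constructed sample bytes (not real shellcode) in place of the encoder's output.

```c
#include <stddef.h>
#include <stdio.h>

/* The bytes msfencode is expected to remove, per the text above. */
static const unsigned char BAD_BYTES[] = { 0x00, 0xff };

static int is_bad(unsigned char b)
{
    for (size_t j = 0; j < sizeof BAD_BYTES; j++)
        if (b == BAD_BYTES[j])
            return 1;
    return 0;
}

/* Number of forbidden bytes in buf[0..len). Anything other than 0 means the
 * encoder's output is not safe to pass through strcpy()-style copies. */
size_t count_bad_bytes(const unsigned char *buf, size_t len)
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++)
        hits += is_bad(buf[i]);
    return hits;
}

/* Offset of the first forbidden byte, or -1 if there is none. */
long first_bad_offset(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (is_bad(buf[i]))
            return (long)i;
    return -1;
}

/* Constructed sample buffers (not shellcode): one clean, one where a 0x00
 * and a 0xff slipped through. */
static const unsigned char clean_buf[] = { 0x90, 0x41, 0x42, 0x43, 0x44, 0xc3 };
static const unsigned char dirty_buf[] = { 0x90, 0x41, 0x00, 0x43, 0xff, 0xc3 };

int main(void)
{
    printf("clean_buf: %zu forbidden byte(s), first at %ld\n",
           count_bad_bytes(clean_buf, sizeof clean_buf),
           first_bad_offset(clean_buf, sizeof clean_buf));
    printf("dirty_buf: %zu forbidden byte(s), first at %ld\n",
           count_bad_bytes(dirty_buf, sizeof dirty_buf),
           first_bad_offset(dirty_buf, sizeof dirty_buf));
    return 0;
}
```

To check a real encoder output, paste the C array msfencode emits in place of the constructed buffers; the scan is independent of the bytes' meaning.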
This is shellcode.h:
We can test it with this simple C program:
When run normally, this program takes one argument as input and then prints the address of the shellcode buffer. (This is a contrived example.)
So now all we have to do is overflow the buffer and write the address of the shellcode into it (byte-reversed, because of little-endianness).
As you can see, we have launched /bin/sh.