
---
title: Shellcoding Tips
categories: [cheatsheets]
tags: [security, exploitation]
---

# Shellcode

## Defeat null-bytes

For:

    mov eax, 0

Use:

    xor eax, eax  ; to clear/zero a register

For:

    mov ebx, 0x000000XX   ; imm32 is encoded as XX 00 00 00: three null bytes

Use:

    mov ebx, 0x111111XX   ; pad every upper byte so the imm32 contains no 0x00
    shl ebx, 24           ; shift the padding out of the top of the register ...
    shr ebx, 24           ; ... and back down: ebx = 0x000000XX

## Convert objdump output to a hex string of shellcode

    for i in $(objdump -d <objfile.o> | grep "^ " | cut -f2); do echo -n '\x'$i; done; echo
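A Python version of the objdump conversion above that also reports where null bytes sit in the result, added here as an example (not part of the original cheatsheet). The objdump text it parses is a constructed sample built from the encodings of the instructions in the null-byte section (`mov eax,0` is `b8 00 00 00 00`, `xor eax,eax` is `31 c0`):

```python
# Constructed sample of `objdump -d sample.o` output (32-bit x86, AT&T syntax).
# Not taken from the original page; fields are tab-separated as objdump emits them.
SAMPLE_OBJDUMP = """\
sample.o:     file format elf32-i386


Disassembly of section .text:

00000000 <_start>:
   0:\tb8 00 00 00 00       \tmov    $0x0,%eax
   5:\t31 c0                \txor    %eax,%eax
   7:\tbb 41 11 11 11       \tmov    $0x11111141,%ebx
   c:\tc1 e3 18             \tshl    $0x18,%ebx
   f:\tc1 eb 18             \tshr    $0x18,%ebx
"""


def objdump_bytes(text: str) -> bytes:
    """Extract raw instruction bytes from `objdump -d` output.

    Mirrors the shell one-liner: keep only lines that start with a space
    (instruction lines) and take the tab-separated second column (hex bytes).
    """
    out = bytearray()
    for line in text.splitlines():
        if not line.startswith(" "):
            continue  # headers, blank lines and "<symbol>:" lines
        fields = line.split("\t")
        if len(fields) < 2:
            continue
        for tok in fields[1].split():
            out.append(int(tok, 16))
    return bytes(out)


def to_hex_string(code: bytes) -> str:
    """Format bytes as the \\xNN string used in a C char array."""
    return "".join(f"\\x{b:02x}" for b in code)


def null_offsets(code: bytes) -> list:
    """Offsets of 0x00 bytes; any of these would truncate a string-copied payload."""
    return [i for i, b in enumerate(code) if b == 0]


if __name__ == "__main__":
    code = objdump_bytes(SAMPLE_OBJDUMP)
    print(to_hex_string(code))
    print("null bytes at offsets:", null_offsets(code))  # the mov eax,0 encoding
```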

## Execute shellcode in C code

    /* Paste the \x.. string produced above. With NX/DEP enabled (the default),
       .data is not executable and ret() will fault unless the bytes are copied
       into a mapping created with PROT_EXEC (mmap/mprotect). */
    char shellcode[] = "H1 ....";

    int main() {
        int (*ret)() = (int (*)())shellcode;  /* treat the buffer as a function */
        ret();                                /* jump into the buffer */
        return 0;
    }