Re: shellcoding on gentoo

["Mike Davis" <mdavis () imperfectnetworks com>]

ive written similar code recently using gentoo also, running on an amd 2200 
XP:

i use GCC to build my assembler rather then nasm, could potentially be an 
issue there?
its also worth noting at&t syntax..

<snipped>
//close:
        "\x89\xf3"                    // mov    %esi,%ebx
        "\x31\xc0"                    // xor    %eax,%eax
        "\xb0\x06"                    // mov    $0x6,%al
        "\xcd\x80"                    // int    $0x80                 ;close

        "\x87\xf7"                    // xchg   %esi,%edi
        "\x85\xc0"                    // test   %eax,%eax
        "\x74\xf"                     // jz     close

//exit:
        "\x31\xc0"                    // xor    %eax,%eax
        "\xb0\x01"                              // mov    $0x1,%al
        "\xcd\x80"                    // int    $0x80                 ;exit
<snipped>
----- Original Message ----- 
From: "Borja" <padre () correo ugr es>
To: <vuln-dev () securityfocus com>
Sent: Sunday, February 19, 2006 7:56 PM
Subject: Re: shellcoding on gentoo


> Hi
>
> Lot of ppl tell me that I did not proper zero the EAX register,so 3 MSB of 
> eax corrupt trapping the syscall, but Its OK.
> I successfully run the shellcodes on a debian box,but in gentoo,allways 
> SEGFAULT.
>
> There is it, a new log:
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
> petalo shellcode # cat 1.asm
> BITS 32
>
> ;exit()
> xor eax,eax
> xor ebx,ebx
> mov eax,1
> int 0x80
>
> petalo shellcode # nasm -g -f elf 1.asm
> petalo shellcode # ld 1.o
> ld: warning: cannot find entry symbol _start; defaulting to 
> 00000000080480a0
> petalo shellcode # ./a.out
> Segmentation fault
> petalo shellcode # gdb -q a.out
> Using host libthread_db library "/lib/libthread_db.so.1".
> (gdb) break 1
> Breakpoint 1 at 0x80480a0: file 1.asm, line 1.
> (gdb) r
> Starting program: /root/code/shellcode/a.out
>
> Program terminated with signal SIGSEGV, Segmentation fault.
> The program no longer exists.
> You can't do that without a process to debug.
> (gdb) q
>
> petalo shellcode #
> Linux petalo 2.6.12-gentoo-r6 #9 Sat Dec 24 14:37:56 CET 2005 i686 AMD 
> Athlon(tm) XP 1600+ AuthenticAMD GNU/Linux
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> I cant explain why SIGFAULT.
> I did not edit any advanced kernel configurations rather than snd card and 
> ethernet.
>
> Thanks in advance.