This repository contains an x64 Linux shellcode designed to spawn a /bin/sh shell with the -p option enabled, preserving the effective user ID (EUID). The shellcode is 44 bytes in length and is entirely null byte-free. Unlike typical shellcode optimized for minimal size, this code does not prioritize size reduction. While it could be further refined to reduce its size, achieving maximum size efficiency is not the primary goal of this implementation.
- Shellcode that spawns a
/bin/shshell. - Preservation of elevated privileges (EUID).
- Compatible with x64 Linux environments.
- Designed for use in CTF challenges, and educational purposes.
This repository is intended for educational purposes only. Use of the code contained within should be done in a legal and ethical manner.
This repository contains two different approaches for using the provided shellcode, depending on whether you want to work with a commented assembly file or embed the shellcode directly in Python.
If you wish to work with the commented assembly code, you will need to use the script script_as.py. This script relies on external tools for assembling and compiling the shellcode. Please ensure that the following tools are installed on your system:
- as: The GNU Assembler, used to assemble the
.sfile into an object file. - objcopy: A tool from GNU Binutils, used to extract the shellcode from the object file into raw binary format.
- Run
python3 script_as.py
If you prefer to work with the shellcode embedded directly within Python, you only need the spawn.py file. This script uses the pwntools library to assemble the shellcode and execute it within a process.
- Run
python3 spawn.py
This repository is no longer actively maintained.