Solved Can't test shellcode on FreeBSD

[niekgigashvili]

I was testing shellcode on FreeBSD for i386 and amd64 but everytime I execute
it there is a SIGSEGV. I am compiling it with default compiler but also tried gcc

for i386
cc --32 -fno-stack-protector -Wl,-z,execstack shellcode.c -o shellcode

for amd64
cc -fno-stack-protector -Wl,-z,execstack shellcode.c -o shellcode

this way executables stack is marked RWE. I debugged it in gdb and as soon as there
is a call to shellcode on very first instruction there is a SIGSEGV. I don't know what is the
problem executables stack has execute flag marked so it should work. I also tested different
shellcodes but still no luck. Do I need to disable stack NX from sysctl variable too
or are there some other mitigations that needs to be disabled?

C code to test shellcode:

char sc[] = "some shellcode";

int
main(int argc, char **argv)
{
   void (*fn)() = (void *)sc;
   fn();

   return 0;
}

 

[tobik@]

In your example sc isn't stored on the stack. Move it to a local variable.

#include <stdio.h>

int
main(int argc, char **argv)
{
    char sc[] = {0xb8, 0x05, 0x00, 0x00, 0x00, 0xc3};
    int (*fn)() = (void *)sc;
    printf("ret: %i\n", fn());

    return 0;
}

 

[niekgigashvili]

Thanks it worked I didn't pay attention silly of me