Creating OSX shellcodes

I decided to play around with OS X shellcodes, now this time instead of writing a brand new post about it, I will paste here 3 other posts, which I found really useful to get started.

A few highlights:
  • OS X is a nix based system, so essentially shellcode creation is like on Linux, you can use syscalls
  • These days OS X is x64 only, so you need to pass arguments in the registers, the order is: RDI, RSI, RDX, R10, R8 and R9
  • syscalls are done through the syscall command, which is stored in the RAX register
  • You need to add 0x20000000 to the syscall number
I created two NULL byte free shellcodes for OS X x64:

1. A simple /bin/sh code:
2: A bind TCP shell, listening on port 4444:

I also posted them on my github page:

