My Pastes
Public Pastes
Layout Width
Share Pastebin
Guest
Public paste!

Untitled

By: a guest | Mar 21st, 2010 | Syntax: C | Size: 2.65 KB | Hits: 107 | Expires: Never
Download | Raw | Embed | Report abuse
This paste has a previous version, view the difference. Copy text to clipboard
  1. #include <unistd.h>
  2. #include <stdio.h>
  3. #include <string.h>
  4. #include <stdlib.h>
  5.  
  6. int main(void) {
  7.         uid_t uid = geteuid();
  8.         setuid(uid);
  9.         system("clear");
  10.         printf("Want to play a game? ");
  11.         char buff[128];
  12.         fgets(buff, 127, stdin);
  13.         sleep(2);
  14.         int length = strlen(buff);
  15.         if(length == -10) {
  16.                 printf("Good job! Spawning shell...\n\n\n");
  17.                 execl("/bin/sh", "sh");
  18.         } else {
  19.                 printf("Incorrect password!\nGoodbye!\n\n");
  20.         }
  21.         return 0;
  22. }
  23.  
  24.  
  25. Dump of assembler code for function main:
  26. 0x08048574 <main+0>:    lea    ecx,[esp+0x4]
  27. 0x08048578 <main+4>:    and    esp,0xfffffff0
  28. 0x0804857b <main+7>:    push   DWORD PTR [ecx-0x4]
  29. 0x0804857e <main+10>:   push   ebp
  30. 0x0804857f <main+11>:   mov    ebp,esp
  31. 0x08048581 <main+13>:   push   ecx
  32. 0x08048582 <main+14>:   sub    esp,0xa4
  33. 0x08048588 <main+20>:   call   0x80484a4 <geteuid@plt>
  34. 0x0804858d <main+25>:   mov    DWORD PTR [ebp-0xc],eax
  35. 0x08048590 <main+28>:   mov    eax,DWORD PTR [ebp-0xc]
  36. 0x08048593 <main+31>:   mov    DWORD PTR [esp],eax
  37. 0x08048596 <main+34>:   call   0x8048454 <setuid@plt>
  38. 0x0804859b <main+39>:   mov    DWORD PTR [esp],0x8048700
  39. 0x080485a2 <main+46>:   call   0x8048414 <system@plt>
  40. 0x080485a7 <main+51>:   mov    DWORD PTR [esp],0x8048706
  41. 0x080485ae <main+58>:   call   0x8048474 <printf@plt>
  42. 0x080485b3 <main+63>:   mov    eax,ds:0x8049890
  43. 0x080485b8 <main+68>:   mov    DWORD PTR [esp+0x8],eax
  44. 0x080485bc <main+72>:   mov    DWORD PTR [esp+0x4],0x7f
  45. 0x080485c4 <main+80>:   lea    eax,[ebp-0x8c]
  46. 0x080485ca <main+86>:   mov    DWORD PTR [esp],eax
  47. 0x080485cd <main+89>:   call   0x8048424 <fgets@plt>
  48. 0x080485d2 <main+94>:   mov    DWORD PTR [esp],0x2
  49. 0x080485d9 <main+101>:  call   0x8048484 <sleep@plt>
  50. 0x080485de <main+106>:  lea    eax,[ebp-0x8c]
  51. 0x080485e4 <main+112>:  mov    DWORD PTR [esp],eax
  52. 0x080485e7 <main+115>:  call   0x8048464 <strlen@plt>
  53. 0x080485ec <main+120>:  mov    DWORD PTR [ebp-0x8],eax
  54. 0x080485ef <main+123>:  cmp    DWORD PTR [ebp-0x8],0xfffffff6
  55. 0x080485f3 <main+127>:  jne    0x8048617 <main+163>
  56. ---Type <return> to continue, or q <return> to quit---
  57. 0x080485f5 <main+129>:  mov    DWORD PTR [esp],0x804871c
  58. 0x080485fc <main+136>:  call   0x8048494 <puts@plt>
  59. 0x08048601 <main+141>:  mov    DWORD PTR [esp+0x4],0x804873a
  60. 0x08048609 <main+149>:  mov    DWORD PTR [esp],0x804873d
  61. 0x08048610 <main+156>:  call   0x8048444 <execl@plt>
  62. 0x08048615 <main+161>:  jmp    0x8048623 <main+175>
  63. 0x08048617 <main+163>:  mov    DWORD PTR [esp],0x8048745
  64. 0x0804861e <main+170>:  call   0x8048494 <puts@plt>
  65. 0x08048623 <main+175>:  mov    eax,0x0
  66. 0x08048628 <main+180>:  add    esp,0xa4
  67. 0x0804862e <main+186>:  pop    ecx
  68. 0x0804862f <main+187>:  pop    ebp
  69. 0x08048630 <main+188>:  lea    esp,[ecx-0x4]
  70. 0x08048633 <main+191>:  ret
create new paste | create new version of this paste RAW Paste Data