问题:在FreeBSD中,创建一个打开文件、向文件写数据、然后关闭文件的shellcode。
代码如下:
; FreeBSD/i386 syscall convention as used throughout this listing: the syscall
; number goes in eax, arguments are pushed right-to-left, one extra dummy push
; stands in for the return-address slot, then int 0x80.  The result comes back
; in eax; FreeBSD reports failure by setting CF with errno in eax, and nothing
; below tests CF, so a failed open() is never noticed (see comments at open).
; Encoded instruction sizes are part of the contract: the jmp/call offsets and
; the 67-byte C array further down depend on them, so no byte may move.
BITS 32
xor eax,eax                   ; eax = 0; al is reused below as the NUL byte and as syscall numbers
jmp short string              ; jmp/call trick: obtain the address of 'out.txt' without an absolute address
code:
pop esi                       ; esi = return address pushed by 'call code' = &'out.txt'
mov byte [esi+7],al           ; NUL-terminate the 7-byte name (al == 0). When the bytes live in the C
                              ; literal below, [esi+7] is that literal's own terminating NUL, so the
                              ; store stays inside the array -- but the page must be writable as well
                              ; as executable, or this faults.
mov al,0x1                    ; flags = 1 (O_WRONLY); O_CREAT is not set, so out.txt must already exist
push eax                      ; arg2: flags. No mode is pushed: that slot holds whatever is on the
                              ; stack, which is only harmless because O_CREAT is absent.
push esi                      ; arg1: path
mov al,0x5                    ; SYS_open = 5
push eax                      ; dummy return-address slot
int 0x80                      ; eax = open("out.txt", O_WRONLY)
mov esi,eax                   ; esi = fd -- or errno if open failed, since CF is not checked
push 0x68732f6e               ; "n/sh"
push 0x69622f2f               ; "//bi"  -> stack now holds "//bin/sh" (8 bytes, no NUL; length is passed)
mov ecx,esp                   ; ecx = buf
mov bl,0x8                    ; nbytes = 8 -- NOTE: only bl is written; bits 8..31 of ebx are never
                              ; cleared anywhere in this listing, so the count is 8 only if the caller
                              ; left ebx zero (compare the xor ebx,ebx used before exit below)
push ebx                      ; arg3: nbytes
push ecx                      ; arg2: buf
push esi                      ; arg1: fd
push eax                      ; dummy return-address slot
mov al,0x4                    ; SYS_write = 4 (only al is set: relies on eax bits 8..31 being 0, i.e. fd < 256)
int 0x80                      ; eax = write(fd, "//bin/sh", 8)
push esi                      ; arg1: fd
push eax                      ; dummy return-address slot
mov al,0x6                    ; SYS_close = 6 (again assumes eax bits 8..31 == 0, i.e. write returned < 256)
int 0x80                      ; close(fd)
xor ebx,ebx                   ; status = 0 (full-register clear, unlike the mov bl above)
push ebx                      ; arg1: status
push ebx                      ; dummy return-address slot
mov al,0x1                    ; SYS_exit = 1
int 0x80                      ; exit(0); does not return
string:
call code                     ; pushes the address of the byte that follows (the filename) and jumps back
db 'out.txt'                  ; 7 bytes; the NUL is stored at run time at [esi+7] (see above)
汇编通过,可以正确执行。
/* The following shellcode is 67 bytes long (sizeof(shellcode) is 68 because
 * the string literal appends a NUL).  It is the FreeBSD/i386 open/write/
 * close/exit sequence from the NASM listing above, split here one literal
 * per instruction so every byte can be matched to its mnemonic.  The NASM
 * code's 'mov byte [esi+7],al' stores the filename's NUL into the slot the
 * literal's own terminator occupies, so the array must sit in memory that
 * is writable as well as executable when it is run. */
char shellcode[] =
    "\x31\xc0"                      /* xor  eax,eax                 */
    "\xeb\x33"                      /* jmp  short string            */
    "\x5e"                          /* pop  esi                     */
    "\x88\x46\x07"                  /* mov  byte [esi+7],al         */
    "\xb0\x01"                      /* mov  al,0x1                  */
    "\x50"                          /* push eax                     */
    "\x56"                          /* push esi                     */
    "\xb0\x05"                      /* mov  al,0x5                  */
    "\x50"                          /* push eax                     */
    "\xcd\x80"                      /* int  0x80   (open)           */
    "\x89\xc6"                      /* mov  esi,eax                 */
    "\x68\x6e\x2f\x73\x68"          /* push 0x68732f6e  "n/sh"      */
    "\x68\x2f\x2f\x62\x69"          /* push 0x69622f2f  "//bi"      */
    "\x89\xe1"                      /* mov  ecx,esp                 */
    "\xb3\x08"                      /* mov  bl,0x8                  */
    "\x53"                          /* push ebx                     */
    "\x51"                          /* push ecx                     */
    "\x56"                          /* push esi                     */
    "\x50"                          /* push eax                     */
    "\xb0\x04"                      /* mov  al,0x4                  */
    "\xcd\x80"                      /* int  0x80   (write)          */
    "\x56"                          /* push esi                     */
    "\x50"                          /* push eax                     */
    "\xb0\x06"                      /* mov  al,0x6                  */
    "\xcd\x80"                      /* int  0x80   (close)          */
    "\x31\xdb"                      /* xor  ebx,ebx                 */
    "\x53"                          /* push ebx                     */
    "\x53"                          /* push ebx                     */
    "\xb0\x01"                      /* mov  al,0x1                  */
    "\xcd\x80"                      /* int  0x80   (exit)           */
    "\xe8\xc8\xff\xff\xff"          /* call code                    */
    "out.txt";                      /* db 'out.txt' (7 bytes)       */